GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-11 16:22:40
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-07V0A0 rev.05.01D05
Running: o1b8qm2n.exe; Driver: C:\Users\3117\AppData\Local\Temp\awlcqaod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82E5A3C9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82E93D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?      System32\drivers\vyibbpq.sys  System nie może odnaleźć określonej ścieżki. !

---- User code sections - GMER 1.0.15 ----

?      C:\Windows\system32\services.exe[516] C:\Windows\system32\smss.exe  image checksum mismatch; time/date stamp mismatch; unknown module: mswsock.dllunknown module: MSWSOCK.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeHeap]  51EC8B55
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeUnicodeString]  8B565351
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgPrintEx]  FF560875
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUpcaseUnicodeChar]  6851A415
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClose]  85D88B00
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationFile]  C2840FDB
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenFile]  57000000
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationFile]  [0068406A] C:\Windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCompareUnicodeString]  FF000010
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeStringToString]  006A5073
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateHeap]  506415FF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToInteger]  F88B0068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreatePagingFile]  85FC7D89
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!_alldiv]  9E840FFF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySystemInformation]  8B000000
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!_allmul]  A4F3544B
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtFlushKey]  1443B70F
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDeleteValueKey]  0653B70F
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetValueKey]  1818448D
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateKey]  8B0CC083
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCompareMemory]  08758B08
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDeviceIoControlFile]  03FC7D8B
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeStringEx]  8BF903F1
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExtendedIntegerMultiply]  C083FC48
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryVolumeInformationFile]  A4F34A28
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationProcess]  758BE975
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeToString]  9C3D8BFC
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeString]  2B006851
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSystemInformation]  458D0875
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosPathNameToNtPathName_U]  056A50F8
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExpandEnvironmentStrings_U]  75FF016A
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryValueKey]  85D7FFFC
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateFile]  EB2574C0
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenKey]  04488B1D
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!_vsnwprintf]  56F84D29
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventWrite]  8B08508D
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventEnabled]  FC450300
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSecurityObject]  52F8C183
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetOwnerSecurityDescriptor]  5051E9D1
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor]  519815FF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddAccessAllowedAce]  7D830068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateAcl]  DD7500F8
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateSecurityDescriptor]  50F8458D
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateAndInitializeSid]  016A016A
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUnicodeString]  FFFC75FF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtReadFile]  74C085D7
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!_chkstk]  0C488D20
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMakeTemporaryObject]  C085018B
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSymbolicLinkObject]  F18B1774
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenDirectoryObject]  03FC4D8B
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAnsiStringToUnicodeString]  15FF50C1
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitAnsiString]  [0068506C] C:\Windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!_stricmp]  8B14C683
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!qsort]  75C08506
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlRandomEx]  FC458BEB
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrVerifyImageMatchesChecksumEx]  C95B5E5F
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateDirectoryObject]  560004C2
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlEqualUnicodeString]  8210BF57
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!memcpy]  8B570068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsicmp]  6815FFF1
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetEnvironmentVariable]  6A006850
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!iswspace]  3C83580F
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryEnvironmentVariable_U]  68822885
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindSetBits]  09740000
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInterlockedSetBitRun]  8548C88B
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTestBit]  EBEF75C9
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnlockBootStatusData]  85348907
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetSetBootStatusData]  [00688228] C:\Windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLockBootStatusData]  6015FF57
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetSaclSecurityDescriptor]  5F006850
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddMandatoryAce]  5756C35E
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLengthSid]  688210BF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetAce]  F18B5700
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlPrefixUnicodeString]  506815FF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySymbolicLinkObject]  0F6A0068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenSymbolicLinkObject]  85343958
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryDirectoryObject]  [00688228] C:\Windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTimeToTimeFields]  C88B0974
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSerializeBoot]  [75C98548] C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!memset]  8308EBF0
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMapViewOfSection]  82288524
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSection]  57000068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryRegistryValues]  506015FF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosSearchPath_U]  5E5F0068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtResumeThread]  800068C3
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForSingleObject]  006A0000
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtTerminateProcess]  5C15FF51
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDestroyProcessParameters]  50006850
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserProcess]  519415FF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateProcessParametersEx]  55C30068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDisplayString]  5351EC8B
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWriteFile]  35FF5756
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsupr]  [00688268] C:\Windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAdjustPrivilege]  519015FF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtInitializeRegistry]  8D590068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!TpReleaseWork]  E8400044
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!TpPostWork]  000031BC
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocWork]  75FFFC8B
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetEvent]  FC7D8908
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetCurrentEnvironment]  826835FF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateEnvironment]  60680068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenEvent]  57006868
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetBits]  518C15FF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearAllBits]  DB330068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeBitMap]  3910C483
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCreatePort]  6E7D085D
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationProcess]  FFF63357
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateTagHeap]  68505815
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockExclusive]  85F88B00
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockExclusive]  8D3774FF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationThread]  6A500845
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationToken]  FF575602
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenThreadToken]  68518815
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcImpersonateClientOfPort]  7CC08500
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockShared]  FF556A25
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockShared]  15FFFC75
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!TpSetPoolMinThreads]  [00685184] C:\Windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcDisconnectPort]  C9335959
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeSRWLock]  08896657
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtConnectPort]  FFFE1FE8
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcGetMessageAttribute]  85D88BFF
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcAcceptConnectPort]  8B0774DB
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcOpenSenderProcess]  F72B0875
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCancelMessage]  FF57F303
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcSendWaitReceivePort]  68505415
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcInitializeMessageAttribute]  [74F68500] C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetThreadIsCritical]  FC4D8B53
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRequestWaitReplyPort]  688100BA
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDuplicateObject]  85D6FF00
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateEvent]  684575C0
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeConditionVariable]  00008000
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearBits]  15FF5350
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDeleteNoSplay]  [0068505C] C:\Windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClearEvent]  5D3936EB
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSleepConditionVariableSRW]  BB31740C
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeAllConditionVariable]  [00688210] C:\Windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindClearBits]  6815FF53
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeSid]  BE006850
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRaiseHardError]  [00688264] C:\Windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForMultipleObjects]  C085068B
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocAlpcCompletion]  4D8B0774
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocPool]  FFD78B08
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetProcessIsCritical]  83C68BD0
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventRegister]  283D04EE
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetHeapInformation]  75006882
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeConditionVariable]  15FF53E7
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDelayExecution]  [00685060] C:\Windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation)
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToAnsiString]  5FF0658D
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryEvent]  C2C95B5E
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleasePrivilege]  8B550008
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquirePrivilege]  B8EC81EC
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrQueryImageFileExecutionOptions]  53000008
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!wcstoul]  0B6A5756
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsnicmp]  6894BE59
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnhandledExceptionFilter]  BD8D0068
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnwind]  FFFFFF4C
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNormalizeProcessParams]  526AA5F3
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlConnectToSm]  858DFF33
IAT  C:\Windows\system32\services.exe[516] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSendMsgToSm]  FFFFFF78
IAT  C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]  [7569FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]  [7569FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [7569FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1684] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7569FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1684] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [7569FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000048  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp  ABTDI.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3956667040-3668985409-2283611985-1000@RefCount  7

---- Files - GMER 1.0.15 ----

File  C:\Users\3117\AppData\Local\Opera\Opera\vps\0001\adoc.bx-j  0 bytes
File  C:\Users\3117\AppData\Local\Opera\Opera\vps\0001\md.dat-j  0 bytes
File  C:\Users\3117\AppData\Local\Opera\Opera\vps\0001\url.axx-j  0 bytes
File  C:\Users\3117\AppData\Local\Opera\Opera\vps\0001\w.axx-j  0 bytes
File  C:\Users\3117\AppData\Local\Opera\Opera\vps\0001\wb.vx-j  0 bytes

---- EOF - GMER 1.0.15 ----