GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-27 08:02:20
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e Hitachi_HTS542516K9SA00 rev.BBCOC31P 149,05GB
Running: gmer.exe; Driver: C:\TMP\pgtdapow.sys

---- System - GMER 2.1 ----

SSDT 85970C90 ZwAssignProcessToJobObject
SSDT sptd.sys ZwCreateKey [0xF73D30D0]
SSDT 85971200 ZwDebugActiveProcess
SSDT 859712F0 ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey [0xF73D8FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF73D9340]
SSDT sptd.sys ZwOpenKey [0xF73D30B0]
SSDT 85970590 ZwOpenProcess
SSDT 85970800 ZwOpenThread
SSDT 85970FD0 ZwProtectVirtualMemory
SSDT sptd.sys ZwQueryKey [0xF73D9418]
SSDT sptd.sys ZwQueryValueKey [0xF73D9298]
SSDT 859710E0 ZwQueueApcThread
SSDT 85970EC0 ZwSetContextThread
SSDT 85970D90 ZwSetInformationThread
SSDT 8596DDA0 ZwSetSecurityObject
SSDT sptd.sys ZwSetValueKey [0xF73D94AA]
SSDT 85970B90 ZwSuspendProcess
SSDT 85970A80 ZwSuspendThread
SSDT 859706E0 ZwTerminateProcess
SSDT 85970A50 ZwTerminateThread
SSDT 859716D0 ZwWriteVirtualMemory

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys F510A16D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys F5109FC2

---- Kernel code sections - GMER 2.1 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF64E9ABF]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA9864400, 0x87EE2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA9908620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA9908620]
.protect˙˙˙˙hardlockunknown last code section [0xA9908400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA9908400, 0x5126, 0xE0000020]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\hkcmd.exe[224] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 015D008D
.text C:\WINDOWS\system32\hkcmd.exe[224] ws2_32.dll!connect 71A54A07 5 Bytes JMP 015D002D
.text C:\WINDOWS\system32\hkcmd.exe[224] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 015D00BD
.text C:\WINDOWS\system32\hkcmd.exe[224] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 015D005D
.text C:\WINDOWS\system32\igfxpers.exe[264] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 0195008D
.text C:\WINDOWS\system32\igfxpers.exe[264] ws2_32.dll!connect 71A54A07 5 Bytes JMP 0195002D
.text C:\WINDOWS\system32\igfxpers.exe[264] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 019500BD
.text C:\WINDOWS\system32\igfxpers.exe[264] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0195005D
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[272] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 0133008D
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[272] ws2_32.dll!connect 71A54A07 5 Bytes JMP 0133002D
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[272] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 013300BD
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[272] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0133005D
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[352] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 0176008D
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[352] ws2_32.dll!connect 71A54A07 5 Bytes JMP 0176002D
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[352] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 017600BD
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[352] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0176005D
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[488] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 02AC008D
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[488] ws2_32.dll!connect 71A54A07 5 Bytes JMP 02AC002D
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[488] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 02AC00BD
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[488] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 02AC005D
.text C:\Program Files\LClock\lclock.exe[600] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00E7008D
.text C:\Program Files\LClock\lclock.exe[600] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00E7002D
.text C:\Program Files\LClock\lclock.exe[600] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00E700BD
.text C:\Program Files\LClock\lclock.exe[600] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00E7005D
.text C:\Program Files\RocketDock\RocketDock.exe[656] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 01F3008D
.text C:\Program Files\RocketDock\RocketDock.exe[656] ws2_32.dll!connect 71A54A07 5 Bytes JMP 01F3002D
.text C:\Program Files\RocketDock\RocketDock.exe[656] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 01F300BD
.text C:\Program Files\RocketDock\RocketDock.exe[656] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 01F3005D
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[700] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 0490008D
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[700] ws2_32.dll!connect 71A54A07 5 Bytes JMP 0490002D
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[700] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 049000BD
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[700] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0490005D
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[708] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 022C008D
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[708] WS2_32.dll!connect 71A54A07 5 Bytes JMP 022C002D
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[708] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 022C00BD
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[708] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 022C005D
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[892] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 0149008D
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[892] ws2_32.dll!connect 71A54A07 5 Bytes JMP 0149002D
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[892] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 014900BD
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[892] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0149005D
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 74, F8, 00] {SUB [EAX+EDI*8+0x0], DH}
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 77, F8, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 74, F8, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 75, F8, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CE8E
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 76, F8, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 75, F8, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 76, F8, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CEFF
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 74, F8, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D02D
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 75, F8, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 76, F8, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 77, F8, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\TMP\Rar$EX83.944\gmer.exe[1364] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00B8008D
.text C:\TMP\Rar$EX83.944\gmer.exe[1364] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00B8002D
.text C:\TMP\Rar$EX83.944\gmer.exe[1364] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00B800BD
.text C:\TMP\Rar$EX83.944\gmer.exe[1364] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00B8005D
.text C:\WINDOWS\Explorer.EXE[1668] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 0342008D
.text C:\WINDOWS\Explorer.EXE[1668] ws2_32.dll!connect 71A54A07 5 Bytes JMP 0342002D
.text C:\WINDOWS\Explorer.EXE[1668] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 034200BD
.text C:\WINDOWS\Explorer.EXE[1668] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0342005D
.text C:\WINDOWS\system32\wuauclt.exe[1696] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 01DA008D
.text C:\WINDOWS\system32\wuauclt.exe[1696] WS2_32.dll!connect 71A54A07 5 Bytes JMP 01DA002D
.text C:\WINDOWS\system32\wuauclt.exe[1696] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 01DA00BD
.text C:\WINDOWS\system32\wuauclt.exe[1696] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 01DA005D
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1800] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 50, 3C, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 53, 3C, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 50, 3C, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 51, 3C, 00] {TEST AL, 0x51; CMP AL, 0x0}
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91126A
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 52, 3C, 00] {TEST AL, 0x52; CMP AL, 0x0}
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 51, 3C, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 52, 3C, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9112DB
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 50, 3C, 00] {TEST AL, 0x50; CMP AL, 0x0}
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B911409
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 51, 3C, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 52, 3C, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 53, 3C, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D4, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D7, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D4, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D5, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C2EE
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D6, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D5, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D6, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C35F
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D4, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C48D
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D5, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D6, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D7, EC, 00]
.text C:\D & S\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 865641E8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys
Device \FileSystem\Fastfat \FatCdrom 85893790
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
Device \Driver\usbuhci \Device\USBPDO-0 8636D790
Device \Driver\usbuhci \Device\USBPDO-1 8636D790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 865D11E8
Device \Driver\dmio \Device\DmControl\DmConfig 865D11E8
Device \Driver\dmio \Device\DmControl\DmPnP 865D11E8
Device \Driver\dmio \Device\DmControl\DmInfo 865D11E8
Device \Driver\usbehci \Device\USBPDO-2 863481E8
Device \Driver\usbehci \Device\USBPDO-3 863481E8
Device \Driver\usbuhci \Device\USBPDO-4 8636D790
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys
Device \Driver\usbuhci \Device\USBPDO-5 8636D790
Device \Driver\usbuhci \Device\USBPDO-6 8636D790
Device \Driver\Ftdisk \Device\HarddiskVolume1 865661E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 865661E8
Device \Driver\Cdrom \Device\CdRom0 8624C1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 865661E8
Device \Driver\atapi \Device\Ide\IdePort0 [F7308B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7308B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7308B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7308B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7308B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [F7308B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8603D790
Device \Driver\NetBT \Device\NetbiosSmb 8603D790
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys
Device \Driver\usbuhci \Device\USBFDO-0 8636D790
Device \Driver\usbuhci \Device\USBFDO-1 8636D790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 861035F8
Device \Driver\usbehci \Device\USBFDO-2 863481E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{ED9B0741-405E-412D-9BC5-EF63B01DF70B} 8603D790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 861035F8
Device \Driver\usbuhci \Device\USBFDO-3 8636D790
Device \Driver\NetBT \Device\NetBT_Tcpip_{583CFE39-1DB1-4209-942F-1A7854301783} 8603D790
Device \Driver\usbuhci \Device\USBFDO-4 8636D790
Device \Driver\Ftdisk \Device\FtControl 865661E8
Device \Driver\usbuhci \Device\USBFDO-5 8636D790
Device \Driver\usbehci \Device\USBFDO-6 863481E8
Device \FileSystem\Fastfat \Fat 85893790
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys
Device \FileSystem\Cdfs \Cdfs 860895E8

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x865868ac]<< 865868ac
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864efab8] 864efab8
Trace 3 CLASSPNP.SYS[f761dfd7] -> nt!IofCallDriver -> \Device\00000084[0x864b5030] 864b5030
Trace 5 ACPI.sys[f7391620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8644c4d0] 8644c4d0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

---- EOF - GMER 2.1 ----