GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-01 19:24:26
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST925031 rev.0001
Running: 4vexblvn.exe; Driver: C:\Users\Kaja\AppData\Local\Temp\aftcaaog.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x92B8152A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x92B8134E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x92B81488]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8307B8A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8309B2F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntoskrnl.exe!ZwLoadDriver 831E7126 7 Bytes JMP 92B8148C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 83227E01 5 Bytes JMP 92B7D4E6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 8324F52A 5 Bytes JMP 92B7EA04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 832992A9 7 Bytes JMP 92B81352 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 83317C3C 7 Bytes JMP 92B8152E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? System32\Drivers\spoq.sys System nie może odnaleźć określonej ścieżki. !
?
system32\drivers\pavboot.sys System nie może odnaleźć określonej ścieżki. !
.text USBPORT.SYS!DllUnload 94240D18 5 Bytes JMP 870591D8

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtCreateFile + 6 76F64876 4 Bytes [28, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtCreateFile + B 76F6487B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + 6 76F64ED6 1 Byte [28]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + 6 76F64ED6 4 Bytes [28, 03, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + B 76F64EDB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenFile + 6 76F64F86 4 Bytes [68, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenFile + B 76F64F8B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcess + 6 76F65036 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcess + B 76F6503B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessToken + 6 76F65046 4 Bytes CALL 75F6574C C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessToken + B 76F6504B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessTokenEx + 6 76F65056 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessTokenEx
+ B 76F6505B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThread + 6 76F650B6 4 Bytes [68, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThread + B 76F650BB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadToken + 6 76F650C6 4 Bytes [68, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadToken + B 76F650CB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadTokenEx + 6 76F650D6 4 Bytes CALL 75F657DD C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadTokenEx + B 76F650DB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryAttributesFile + 6 76F651E6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryAttributesFile + B 76F651EB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryFullAttributesFile + 6 76F65296 4 Bytes CALL 75F6599B C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryFullAttributesFile + B 76F6529B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationFile + 6 76F658E6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationFile + B 76F658EB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationThread +
6 76F65946 4 Bytes [28, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationThread + B 76F6594B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + 6 76F65C66 1 Byte [68]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + 6 76F65C66 4 Bytes [68, 03, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + B 76F65C6B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtCreateFile + 6 76F64876 4 Bytes [28, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtCreateFile + B 76F6487B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtMapViewOfSection + 6 76F64ED6 1 Byte [28]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtMapViewOfSection + 6 76F64ED6 4 Bytes [28, 03, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtMapViewOfSection + B 76F64EDB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenFile + 6 76F64F86 4 Bytes [68, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenFile + B 76F64F8B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcess + 6 76F65036 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcess + B 76F6503B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessToken + 6 76F65046 4 Bytes CALL 75F6574C C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu
Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessToken + B 76F6504B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessTokenEx + 6 76F65056 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessTokenEx + B 76F6505B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThread + 6 76F650B6 4 Bytes [68, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThread + B 76F650BB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadToken + 6 76F650C6 4 Bytes [68, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadToken + B 76F650CB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadTokenEx + 6 76F650D6 4 Bytes CALL 75F657DD C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadTokenEx + B 76F650DB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryAttributesFile + 6 76F651E6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryAttributesFile + B 76F651EB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryFullAttributesFile + 6 76F65296 4 Bytes CALL 75F6599B C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryFullAttributesFile
+ B 76F6529B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationFile + 6 76F658E6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationFile + B 76F658EB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationThread + 6 76F65946 4 Bytes [28, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationThread + B 76F6594B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtUnmapViewOfSection + 6 76F65C66 1 Byte [68]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtUnmapViewOfSection + 6 76F65C66 4 Bytes [68, 03, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtUnmapViewOfSection + B 76F65C6B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtCreateFile + 6 76F64876 4 Bytes [28, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtCreateFile + B 76F6487B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + 6 76F64ED6 1 Byte [28]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + 6 76F64ED6 4 Bytes [28, 03, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + B 76F64EDB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenFile + 6 76F64F86 4 Bytes [68, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenFile + B 76F64F8B 1 Byte [E2]
.text
C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcess + 6 76F65036 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcess + B 76F6503B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessToken + 6 76F65046 4 Bytes CALL 75F6574C C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessToken + B 76F6504B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessTokenEx + 6 76F65056 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessTokenEx + B 76F6505B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThread + 6 76F650B6 4 Bytes [68, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThread + B 76F650BB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadToken + 6 76F650C6 4 Bytes [68, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadToken + B 76F650CB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + 6 76F650D6 4 Bytes CALL 75F657DD C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + B 76F650DB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + 6 76F651E6 4 Bytes [A8, 00, 07, 00]
.text
C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + B 76F651EB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryFullAttributesFile + 6 76F65296 4 Bytes CALL 75F6599B C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryFullAttributesFile + B 76F6529B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationFile + 6 76F658E6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationFile + B 76F658EB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationThread + 6 76F65946 4 Bytes [28, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationThread + B 76F6594B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6 76F65C66 1 Byte [68]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6 76F65C66 4 Bytes [68, 03, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + B 76F65C6B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtCreateFile + 6 76F64876 4 Bytes [28, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtCreateFile + B 76F6487B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtMapViewOfSection + 6 76F64ED6 1 Byte [28]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtMapViewOfSection + 6
76F64ED6 4 Bytes [28, 03, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtMapViewOfSection + B 76F64EDB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenFile + 6 76F64F86 4 Bytes [68, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenFile + B 76F64F8B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcess + 6 76F65036 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcess + B 76F6503B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcessToken + 6 76F65046 4 Bytes CALL 75F6574C C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcessToken + B 76F6504B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcessTokenEx + 6 76F65056 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcessTokenEx + B 76F6505B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThread + 6 76F650B6 4 Bytes [68, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThread + B 76F650BB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThreadToken + 6 76F650C6 4 Bytes [68, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThreadToken + B 76F650CB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThreadTokenEx + 6 76F650D6
4 Bytes CALL 75F657DD C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThreadTokenEx + B 76F650DB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtQueryAttributesFile + 6 76F651E6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtQueryAttributesFile + B 76F651EB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtQueryFullAttributesFile + 6 76F65296 4 Bytes CALL 75F6599B C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtQueryFullAttributesFile + B 76F6529B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtSetInformationFile + 6 76F658E6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtSetInformationFile + B 76F658EB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtSetInformationThread + 6 76F65946 4 Bytes [28, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtSetInformationThread + B 76F6594B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtUnmapViewOfSection + 6 76F65C66 1 Byte [68]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtUnmapViewOfSection + 6 76F65C66 4 Bytes [68, 03, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtUnmapViewOfSection + B 76F65C6B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368]
ntdll.dll!NtCreateFile + 6 76F64876 4 Bytes [28, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtCreateFile + B 76F6487B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtMapViewOfSection + 6 76F64ED6 1 Byte [28]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtMapViewOfSection + 6 76F64ED6 4 Bytes [28, 03, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtMapViewOfSection + B 76F64EDB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenFile + 6 76F64F86 4 Bytes [68, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenFile + B 76F64F8B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcess + 6 76F65036 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcess + B 76F6503B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessToken + 6 76F65046 4 Bytes CALL 75F6574C C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessToken + B 76F6504B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessTokenEx + 6 76F65056 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessTokenEx + B 76F6505B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThread + 6 76F650B6 4 Bytes [68, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368]
ntdll.dll!NtOpenThread + B 76F650BB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadToken + 6 76F650C6 4 Bytes [68, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadToken + B 76F650CB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadTokenEx + 6 76F650D6 4 Bytes CALL 75F657DD C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadTokenEx + B 76F650DB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryAttributesFile + 6 76F651E6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryAttributesFile + B 76F651EB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryFullAttributesFile + 6 76F65296 4 Bytes CALL 75F6599B C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryFullAttributesFile + B 76F6529B 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationFile + 6 76F658E6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationFile + B 76F658EB 1 Byte [E2]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationThread + 6 76F65946 4 Bytes [28, 02, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationThread + B 76F6594B 1 Byte [E2]
.text
C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtUnmapViewOfSection + 6 76F65C66 1 Byte [68]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtUnmapViewOfSection + 6 76F65C66 4 Bytes [68, 03, 07, 00]
.text C:\Users\Kaja\AppData\Local\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtUnmapViewOfSection + B 76F65C6B 1 Byte [E2]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [8BA44DDC] \SystemRoot\System32\Drivers\spoq.sys
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [8BA44E30] \SystemRoot\System32\Drivers\spoq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BA1A042] \SystemRoot\System32\Drivers\spoq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BA1A6D6] \SystemRoot\System32\Drivers\spoq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BA1A800] \SystemRoot\System32\Drivers\spoq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BA1A13E] \SystemRoot\System32\Drivers\spoq.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B22494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B05624] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B056E2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft
Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B2250F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B18573] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B14D27] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B150CE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B151A3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73B166D0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B182CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B18819]
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B1907A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B1E21D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[2912] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B14C59] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[5800] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FC5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[5800] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FC5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[5800] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FC5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[5800] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74FC5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[5800] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FC5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT
C:\windows\system32\rundll32.exe[5800] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74FC5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 856211F8
Device \FileSystem\fastfat \FatCdrom 85F271F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 8561B1F8
Device \Driver\usbuhci \Device\USBPDO-0 8707A1F8
Device \Driver\usbuhci \Device\USBPDO-1 8707A1F8
Device \Driver\usbuhci \Device\USBPDO-2 8707A1F8
Device \Driver\usbehci \Device\USBPDO-3 87041500
Device \Driver\usbuhci \Device\USBPDO-4 8707A1F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast!
TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBPDO-5 8707A1F8
Device \Driver\usbuhci \Device\USBPDO-6 8707A1F8
Device \Driver\volmgr \Device\HarddiskVolume1 8561B1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 87041500
Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 8561B1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 86EA71F8
Device \Driver\volmgr \Device\HarddiskVolume3 8561B1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 [8BCB8360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BCB8360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8BCB8360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume4 8561B1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 86F621F8
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast!
TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 8707A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8707A1F8
Device \Driver\usbuhci \Device\USBFDO-2 8707A1F8
Device \Driver\usbehci \Device\USBFDO-3 87041500
Device \Driver\usbuhci \Device\USBFDO-4 8707A1F8
Device \Driver\usbuhci \Device\USBFDO-5 8707A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{372A2E5D-97FA-4135-A5E3-1A86F3FED572} 86F621F8
Device \Driver\usbuhci \Device\USBFDO-6 8707A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FE5938E0-6721-468A-BA23-E869E183A1FF} 86F621F8
Device \Driver\usbehci \Device\USBFDO-7 87041500
Device \FileSystem\fastfat \Fat 85F271F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x93 0xC2 0x1E 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF7 0x52 0x99 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x68 0x98 0xE6 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x93 0xC2 0x1E 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF7 0x52 0x99 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x68 0x98 0xE6 0x25 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----