GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-27 07:07:10 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000 298,09GB Running: e2kchsjh.exe; Driver: C:\Users\DANUSI~1\AppData\Local\Temp\pxldapow.sys ---- System - GMER 2.1 ---- SSDT 8EF7CD70 ZwAlertResumeThread SSDT 8EF7CE08 ZwAlertThread SSDT 8EFE3678 ZwAllocateVirtualMemory SSDT 8EBDE090 ZwAlpcConnectPort SSDT 8EF7C7E8 ZwAssignProcessToJobObject SSDT 8EF7CB98 ZwCreateMutant SSDT 8EF7C5E0 ZwCreateSymbolicLinkObject SSDT 8EFE39D0 ZwCreateThread SSDT 8EF7C880 ZwDebugActiveProcess SSDT 8EFE37B8 ZwDuplicateObject SSDT 8EFE3508 ZwFreeVirtualMemory SSDT 8EF7CC40 ZwImpersonateAnonymousToken SSDT 8EF7CCD8 ZwImpersonateThread SSDT 8EB3DE50 ZwLoadDriver SSDT 8EFE3450 ZwMapViewOfSection SSDT 8EF7CB00 ZwOpenEvent SSDT 8EFE3908 ZwOpenProcess SSDT 8EFE3720 ZwOpenProcessToken SSDT 8EF7C9D0 ZwOpenSection SSDT 8EFE3860 ZwOpenThread SSDT 8EF7C740 ZwProtectVirtualMemory SSDT 8EF7C538 ZwQueueApcThread SSDT 8EF7C490 ZwReadVirtualMemory SSDT 8EF7CEA0 ZwResumeThread SSDT 8EFE3278 ZwSetContextThread SSDT 8EFE3310 ZwSetInformationProcess SSDT 8EF7C918 ZwSetSystemInformation SSDT 8EF7CA68 ZwSuspendProcess SSDT 8EF7CF38 ZwSuspendThread SSDT 8EF7A268 ZwTerminateProcess SSDT 8EF7CFD0 ZwTerminateThread SSDT 8EFE33B8 ZwUnmapViewOfSection SSDT 8EFE35B0 ZwWriteVirtualMemory SSDT 8EF7C688 ZwCreateThreadEx ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!KeInsertQueue + 30D 87C87814 8 Bytes [70, CD, F7, 8E, 08, CE, F7, ...] .text ntoskrnl.exe!KeInsertQueue + 321 87C87828 4 Bytes [78, 36, FE, 8E] .text ntoskrnl.exe!KeInsertQueue + 32D 87C87834 4 Bytes [90, E0, BD, 8E] .text ntoskrnl.exe!KeInsertQueue + 381 87C87888 4 Bytes [E8, C7, F7, 8E] .text ntoskrnl.exe!KeInsertQueue + 3E5 87C878EC 4 Bytes [98, CB, F7, 8E] .text ... .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x95402320, 0x3EEB57, 0xE8000020] .text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0xAA4F9000, 0x2892, 0xE8000020] .vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0xAA51C050] ? C:\Users\DANUSI~1\AppData\Local\Temp\cpuz136\cpuz136_x32.sys Nazwa pliku, nazwa katalogu lub składnia etykiety woluminu jest niepoprawna. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[828] ntdll.dll!RtlExitUserThread 778C1C5F 5 Bytes JMP 6E66F258 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] kernel32.dll!TerminateThread 77A344DB 5 Bytes JMP 6E66F271 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] kernel32.dll!CreateThread 77A3CBEE 5 Bytes JMP 6E4D743B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] ole32.dll!OleLoadFromStream 76EB1E78 5 Bytes JMP 6E66F434 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!SetWindowsHookExW 772E87AD 5 Bytes JMP 6E5128A8 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!CallNextHookEx 772E8E3B 5 Bytes JMP 6E537C0F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!UnhookWindowsHookEx 772E98DB 5 Bytes JMP 6E55E170 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!EnableWindow 772ECD8B 5 Bytes JMP 6E51A1CC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!DefWindowProcA 772EDB88 7 Bytes JMP 6E4D966D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!CreateWindowExA 772EDC2A 5 Bytes JMP 6E4E3483 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!CreateWindowExW 772F1305 5 Bytes JMP 6E53FF9B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!DefWindowProcW 773003B4 7 Bytes JMP 6E537C72 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!DialogBoxParamW 773110B0 5 Bytes JMP 6E471883 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!DialogBoxIndirectParamW 77312EF5 5 Bytes JMP 6E66EC0A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!DialogBoxParamA 77328152 5 Bytes JMP 6E66EBA5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!DialogBoxIndirectParamA 7732847D 5 Bytes JMP 6E66EC6F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!MessageBoxIndirectA 7733D4D9 5 Bytes JMP 6E66EB2C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!MessageBoxIndirectW 7733D5D3 5 Bytes JMP 6E66EAB3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!MessageBoxExA 7733D639 5 Bytes JMP 6E66EA4F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[828] USER32.dll!MessageBoxExW 7733D65D 5 Bytes JMP 6E66E9EB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1356] USER32.dll!EnableWindow 772ECD8B 5 Bytes JMP 6E51A1CC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1356] USER32.dll!DialogBoxParamW 773110B0 5 Bytes JMP 6E471883 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1356] USER32.dll!DialogBoxIndirectParamW 77312EF5 5 Bytes JMP 6E66EC0A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1356] USER32.dll!DialogBoxParamA 77328152 5 Bytes JMP 6E66EBA5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1356] USER32.dll!DialogBoxIndirectParamA 7732847D 5 Bytes JMP 6E66EC6F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1356] USER32.dll!MessageBoxIndirectA 7733D4D9 5 Bytes JMP 6E66EB2C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1356] USER32.dll!MessageBoxIndirectW 7733D5D3 5 Bytes JMP 6E66EAB3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1356] USER32.dll!MessageBoxExA 7733D639 5 Bytes JMP 6E66EA4F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1356] USER32.dll!MessageBoxExW 7733D65D 5 Bytes JMP 6E66E9EB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] ntdll.dll!RtlExitUserThread 778C1C5F 5 Bytes JMP 6E66F258 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] kernel32.dll!TerminateThread 77A344DB 5 Bytes JMP 6E66F271 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] kernel32.dll!CreateThread 77A3CBEE 5 Bytes JMP 6E4D743B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] ole32.dll!OleLoadFromStream 76EB1E78 5 Bytes JMP 6E66F434 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!SetWindowsHookExW 772E87AD 5 Bytes JMP 6E5128A8 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CallNextHookEx 772E8E3B 5 Bytes JMP 6E537C0F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!UnhookWindowsHookEx 772E98DB 5 Bytes JMP 6E55E170 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!EnableWindow 772ECD8B 5 Bytes JMP 6E51A1CC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DefWindowProcA 772EDB88 7 Bytes JMP 6E4D966D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CreateWindowExA 772EDC2A 5 Bytes JMP 6E4E3483 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CreateWindowExW 772F1305 5 Bytes JMP 6E53FF9B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DefWindowProcW 773003B4 7 Bytes JMP 6E537C72 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DialogBoxParamW 773110B0 5 Bytes JMP 6E471883 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DialogBoxIndirectParamW 77312EF5 5 Bytes JMP 6E66EC0A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DialogBoxParamA 77328152 5 Bytes JMP 6E66EBA5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DialogBoxIndirectParamA 7732847D 5 Bytes JMP 6E66EC6F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!MessageBoxIndirectA 7733D4D9 5 Bytes JMP 6E66EB2C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!MessageBoxIndirectW 7733D5D3 5 Bytes JMP 6E66EAB3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!MessageBoxExA 7733D639 5 Bytes JMP 6E66EA4F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!MessageBoxExW 7733D65D 5 Bytes JMP 6E66E9EB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] ntdll.dll!RtlExitUserThread 778C1C5F 5 Bytes JMP 6E66F258 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] kernel32.dll!TerminateThread 77A344DB 5 Bytes JMP 6E66F271 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] kernel32.dll!CreateThread 77A3CBEE 5 Bytes JMP 6E4D743B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] ole32.dll!OleLoadFromStream 76EB1E78 5 Bytes JMP 6E66F434 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!SetWindowsHookExW 772E87AD 5 Bytes JMP 6E5128A8 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!CallNextHookEx 772E8E3B 5 Bytes JMP 6E537C0F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!UnhookWindowsHookEx 772E98DB 5 Bytes JMP 6E55E170 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!EnableWindow 772ECD8B 5 Bytes JMP 6E51A1CC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DefWindowProcA 772EDB88 7 Bytes JMP 6E4D966D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!CreateWindowExA 772EDC2A 5 Bytes JMP 6E4E3483 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!CreateWindowExW 772F1305 5 Bytes JMP 6E53FF9B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DefWindowProcW 773003B4 7 Bytes JMP 6E537C72 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxParamW 773110B0 5 Bytes JMP 6E471883 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxIndirectParamW 77312EF5 5 Bytes JMP 6E66EC0A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxParamA 77328152 5 Bytes JMP 6E66EBA5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!DialogBoxIndirectParamA 7732847D 5 Bytes JMP 6E66EC6F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxIndirectA 7733D4D9 5 Bytes JMP 6E66EB2C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxIndirectW 7733D5D3 5 Bytes JMP 6E66EAB3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxExA 7733D639 5 Bytes JMP 6E66EA4F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2948] USER32.dll!MessageBoxExW 7733D65D 5 Bytes JMP 6E66E9EB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] ntdll.dll!RtlExitUserThread 778C1C5F 5 Bytes JMP 6E66F258 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] kernel32.dll!TerminateThread 77A344DB 5 Bytes JMP 6E66F271 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] kernel32.dll!CreateThread 77A3CBEE 5 Bytes JMP 6E4D743B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] ole32.dll!OleLoadFromStream 76EB1E78 5 Bytes JMP 6E66F434 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!SetWindowsHookExW 772E87AD 5 Bytes JMP 6E5128A8 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!CallNextHookEx 772E8E3B 5 Bytes JMP 6E537C0F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!UnhookWindowsHookEx 772E98DB 5 Bytes JMP 6E55E170 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!EnableWindow 772ECD8B 5 Bytes JMP 6E51A1CC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DefWindowProcA 772EDB88 7 Bytes JMP 6E4D966D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!CreateWindowExA 772EDC2A 5 Bytes JMP 6E4E3483 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!CreateWindowExW 772F1305 5 Bytes JMP 6E53FF9B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DefWindowProcW 773003B4 7 Bytes JMP 6E537C72 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxParamW 773110B0 5 Bytes JMP 6E471883 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxIndirectParamW 77312EF5 5 Bytes JMP 6E66EC0A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxParamA 77328152 5 Bytes JMP 6E66EBA5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxIndirectParamA 7732847D 5 Bytes JMP 6E66EC6F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxIndirectA 7733D4D9 5 Bytes JMP 6E66EB2C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxIndirectW 7733D5D3 5 Bytes JMP 6E66EAB3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxExA 7733D639 5 Bytes JMP 6E66EA4F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxExW 7733D65D 5 Bytes JMP 6E66E9EB C:\Windows\system32\IEFRAME.dll .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ntdll.dll!NtTerminateThread 778E5200 5 Bytes JMP 00020050 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ADVAPI32.dll!OpenSCManagerA + 125 75FE2E68 7 Bytes JMP 00190768 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ADVAPI32.dll!CloseServiceHandle + AA 75FE82F7 7 Bytes JMP 00190210 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76009E7F 7 Bytes JMP 001905A0 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ADVAPI32.dll!CreateServiceW + FF 76009F83 7 Bytes JMP 0019012C .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ADVAPI32.dll!ControlService + C1 7600A049 7 Bytes JMP 0019084C .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 760466F1 7 Bytes JMP 001903D8 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ADVAPI32.dll!ControlServiceExA + 10E 76046804 7 Bytes JMP 00190048 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ADVAPI32.dll!SetServiceObjectSecurity + FB 76046E9C 7 Bytes JMP 00190684 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ADVAPI32.dll!ChangeServiceConfigA + 1A3 76047044 7 Bytes JMP 001904BC .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] ADVAPI32.dll!ChangeServiceConfig2W + BB 76047364 7 Bytes JMP 001902F4 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] USER32.dll!FindWindowA + 1BF 772E9F35 7 Bytes JMP 00190A12 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] USER32.dll!RecordShutdownReason + 36A 7732B7BE 7 Bytes JMP 00190930 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] NETAPI32.dll!DsGetDcNameWithAccountW + 13BE 75C3CFE4 7 Bytes JMP 00190AF4 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] NETAPI32.dll!I_NetNameValidate + 176 75C52FEA 7 Bytes JMP 00190BD8 .text C:\Users\Danusia i Dominik\Desktop\Nowy folder (2)\e2kchsjh.exe[6108] NETAPI32.dll!CredpValidateTargetName + 616 75C71A58 7 Bytes JMP 00190CBC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F47817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F85B69] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F4BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F3F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F3E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F98F4D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F4DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F3FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F3FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73FCCB6A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73F6C840] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F3D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F36853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F3687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F42AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19386_none_9e58a098ca10907a\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@MemoryCacheSize 326059804 Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootPlanUserTime N, lip 26 15, 08:49:24????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootPlanTime 0xD3 0xC7 0xD0 0x01 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code