GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-11-12 18:35:18 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HTS543232L9A300 rev.FB4OC40C Running: 9md9m0d7.exe; Driver: C:\DOCUME~1\KRZY~1\USTAWI~1\Temp\pxtdqpoc.sys ---- System - GMER 1.0.15 ---- SSDT F7B22106 ZwCreateKey SSDT F7B220FC ZwCreateThread SSDT F7B2210B ZwDeleteKey SSDT F7B22115 ZwDeleteValueKey SSDT spwp.sys ZwEnumerateKey [0xF72ACDA4] SSDT spwp.sys ZwEnumerateValueKey [0xF72AD132] SSDT F7B22133 ZwLoadDriver SSDT F7B2211A ZwLoadKey SSDT spwp.sys ZwOpenKey [0xF72940C0] SSDT F7B220E8 ZwOpenProcess SSDT F7B220ED ZwOpenThread SSDT spwp.sys ZwQueryKey [0xF72AD20A] SSDT spwp.sys ZwQueryValueKey [0xF72AD08A] SSDT F7B22124 ZwReplaceKey SSDT F7B2211F ZwRestoreKey SSDT F7B22138 ZwSetSystemInformation SSDT F7B22110 ZwSetValueKey SSDT F7B220F7 ZwTerminateProcess SSDT F7B220F2 ZwWriteVirtualMemory INT 0x62 ? 89E06BF8 INT 0x63 ? 89B9CBF8 INT 0x83 ? 89E06BF8 INT 0x94 ? 89B9CBF8 INT 0xB1 ? 89E78BF8 INT 0xB1 ? 89E78BF8 INT 0xB4 ? 89B9CBF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D1C 8050391C 4 Bytes CALL 9147EB41 ? spwp.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6BB4000, 0x189F82, 0xE8000020] .text USBPORT.SYS!DllUnload F6B7162C 5 Bytes JMP 89B9C1D8 .text auejz48g.SYS F69BD386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text auejz48g.SYS F69BD3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text auejz48g.SYS F69BD3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text auejz48g.SYS F69BD3C9 1 Byte [2E] .text auejz48g.SYS F69BD3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...] .text ... .text aqfi201b.SYS F6819386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text aqfi201b.SYS F68193AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] 
.text aqfi201b.SYS F68193C4 3 Bytes [00, 80, 02] .text aqfi201b.SYS F68193C9 1 Byte [30] .text aqfi201b.SYS F68193C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes 
CALL 7B90F39C .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] 
ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and 
Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenFile + B 
7C90DD08 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text 
C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] 
ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and 
Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] spwp.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] spwp.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] spwp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] spwp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] spwp.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72A4B90] spwp.sys IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!KfAcquireSpinLock] 001C9C96 IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!READ_PORT_UCHAR] C6168B00 IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!KeGetCurrentIrql] 001CB986 IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!KfRaiseIrql] 428A0A00 IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!KfLowerIrql] BA86880C IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!HalGetInterruptVector] 8B00001C IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!HalTranslateBusAddress] 24A48DFA IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!KeStallExecutionProcessor] 00000000 IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!KfReleaseSpinLock] 4B8BDF8B IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D3F0304 IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!READ_PORT_USHORT] CB033043 IAT 
\SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 0673C13B IAT \SystemRoot\System32\Drivers\auejz48g.SYS[HAL.dll!WRITE_PORT_UCHAR] C13B0003 IAT \SystemRoot\System32\Drivers\auejz48g.SYS[WMILIB.SYS!WmiSystemControl] 75000E7B IAT \SystemRoot\System32\Drivers\auejz48g.SYS[WMILIB.SYS!WmiCompleteRequest] 0B7D80E3 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!READ_PORT_UCHAR] B48B8932 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!KeGetCurrentIrql] 89000001 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!KfRaiseIrql] 0001C083 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!KfLowerIrql] 24468B00 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!HalGetInterruptVector] 89820C8D IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!KfReleaseSpinLock] 000000BD IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 020CB389 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!READ_PORT_USHORT] 83660000 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00 IAT \SystemRoot\System32\Drivers\aqfi201b.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\msvcrt.dll 
[KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 
[1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[3936] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89E051F8 Device \FileSystem\Fastfat \FatCdrom 898D7500 Device \Driver\NetBT \Device\NetBT_Tcpip_{87401833-36B4-4476-940E-989270E7A1C0} 89A7A500 AttachedDevice \Driver\Tcpip \Device\Ip avfwot.sys (TDI filtering kernel driver/Avira GmbH) Device \Driver\sptd \Device\2602787470 spwp.sys Device \Driver\usbohci \Device\USBPDO-0 89AFA1F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E761F8 Device \Driver\dmio \Device\DmControl\DmConfig 89E761F8 Device \Driver\dmio \Device\DmControl\DmPnP 89E761F8 Device \Driver\dmio \Device\DmControl\DmInfo 89E761F8 Device \Driver\usbohci \Device\USBPDO-1 89AFA1F8 Device \Driver\usbehci \Device\USBPDO-2 89B901F8 AttachedDevice \Driver\Tcpip \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH) Device \Driver\Ftdisk \Device\HarddiskVolume1 89E071F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89E071F8 Device \Driver\Cdrom \Device\CdRom0 89AFB1F8 Device \Driver\atapi \Device\Ide\IdePort0 89E061F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89E061F8 Device \Driver\atapi \Device\Ide\IdePort1 89E061F8 Device \Driver\atapi \Device\Ide\IdePort2 
89E061F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 89E061F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 89E071F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{AFF7D317-D3E7-44D7-A8CD-6B7911B2F35A} 89A7A500 Device \Driver\Cdrom \Device\CdRom1 89AFB1F8 Device \Driver\Cdrom \Device\CdRom2 89AFB1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 89A7A500 Device \Driver\NetBT \Device\NetbiosSmb 89A7A500 Device \Driver\sptd \Device\2602943720 spwp.sys Device \Driver\PCI_PNP9970 \Device\0000004d spwp.sys Device \Driver\PCI_PNP9970 \Device\0000004e spwp.sys AttachedDevice \Driver\Tcpip \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH) AttachedDevice \Driver\Tcpip \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH) Device \Driver\usbohci \Device\USBFDO-0 89AFA1F8 Device \Driver\usbstor \Device\0000007a 89932500 Device \Driver\usbohci \Device\USBFDO-1 89AFA1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898DB500 Device \Driver\usbehci \Device\USBFDO-2 89B901F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 898DB500 Device \Driver\usbstor \Device\0000007d 89932500 Device \Driver\Ftdisk \Device\FtControl 89E071F8 Device \Driver\auejz48g \Device\Scsi\auejz48g1 89AE3500 Device \Driver\aqfi201b \Device\Scsi\aqfi201b1 89A4A1F8 Device \Driver\auejz48g \Device\Scsi\auejz48g1Port4Path0Target0Lun0 89AE3500 Device \Driver\aqfi201b \Device\Scsi\aqfi201b1Port3Path0Target0Lun0 89A4A1F8 Device \FileSystem\Fastfat \Fat 898D7500 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 89991500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCA 0x0E 0x6A 0x10 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAE 0x01 0x98 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0xC9 0x5F 0xE5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA4 0xE2 0x44 0x23 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1D 0x62 0x00 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC8 0x78 0x94 0xF6 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\ayqgayin@DisplayName Universal Shell Reg HKLM\SYSTEM\ControlSet002\Services\ayqgayin@Type 32 Reg HKLM\SYSTEM\ControlSet002\Services\ayqgayin@Start 2 Reg HKLM\SYSTEM\ControlSet002\Services\ayqgayin@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet002\Services\ayqgayin@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet002\Services\ayqgayin@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\Services\ayqgayin@Description Umożliwia działanie Centrum pomocy i obsługi technicznej na tym komputerze. Jeśli ta usługa zostanie zatrzymana, Centrum pomocy i obsługi technicznej będzie niedostępne. Jeśli ta usługa zostanie wyłączona, wszelkie usługi jawnie od niej zależne przestaną się uruchamiać. Reg HKLM\SYSTEM\ControlSet002\Services\ayqgayin\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\ayqgayin\Parameters@ServiceDll C:\WINDOWS\system32\pobtlr.dll Reg HKLM\SYSTEM\ControlSet002\Services\ksibmcxso@DisplayName Server Task Reg HKLM\SYSTEM\ControlSet002\Services\ksibmcxso@Type 32 Reg HKLM\SYSTEM\ControlSet002\Services\ksibmcxso@Start 2 Reg HKLM\SYSTEM\ControlSet002\Services\ksibmcxso@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet002\Services\ksibmcxso@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet002\Services\ksibmcxso@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\Services\ksibmcxso@Description Umożliwia użytkownikowi konfigurowanie i planowanie automatycznych zadań na tym komputerze. Jeśli ta usługa zostanie zatrzymana, zadania te nie będą uruchamiane o wyznaczonej godzinie. Jeśli ta usługa zostanie wyłączona, wszelkie usługi jawnie od niej zależne przestaną się uruchamiać. 
Reg HKLM\SYSTEM\ControlSet002\Services\ksibmcxso\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\ksibmcxso\Parameters@ServiceDll C:\Program Files\Movie Maker\pobtlr.dll Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCA 0x0E 0x6A 0x10 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAE 0x01 0x98 0x4C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0xC9 0x5F 0xE5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA4 0xE2 0x44 0x23 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1D 0x62 0x00 0x29 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC8 0x78 0x94 0xF6 ... ---- EOF - GMER 1.0.15 ----