GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-02 12:09:09
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PB2O
Running: yvdsjitn.exe; Driver: C:\Users\Maciej\AppData\Local\Temp\kwlorpog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81C5C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C80F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spus.sys System nie może odnaleźć określonej ścieżki. !
.text USBPORT.SYS!DllUnload 883D9CA0 5 Bytes JMP 8584A4E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4084] USER32.dll!CharToOemA + 3A 7765B1DE 7 Bytes JMP 0025FDF0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4084] USER32.dll!PostMessageW + 2CE 776664F3 7 Bytes JMP 0025FCA0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4084] USER32.dll!SetDlgItemTextA + 25 77678FF6 7 Bytes JMP 0025FDD0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4084] USER32.dll!MessageBoxIndirectA + F5 776AE9BE 7 Bytes JMP 0025FE40 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4084] USER32.dll!MessageBoxIndirectW + 61 776AEA24 7 Bytes JMP 0025FF10 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4084] USER32.dll!MessageBoxExA + 1F 776AEA48 7 Bytes JMP 0025FEC0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtCreateFile + 6 77864A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtCreateFile + B 77864A3B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtMapViewOfSection + 6 77865096 1 Byte [28]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtMapViewOfSection + 6 77865096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtMapViewOfSection + B 7786509B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenFile + 6 77865146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenFile + B 7786514B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcess + 6 778651F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcess + B 778651FB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcessToken + B 7786520B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcessTokenEx + 6 77865216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcessTokenEx + B 7786521B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThread + 6 77865276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThread + B 7786527B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThreadToken + 6 77865286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThreadToken + B 7786528B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThreadTokenEx + B 7786529B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtQueryAttributesFile + 6 778653A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtQueryAttributesFile + B 778653AB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtQueryFullAttributesFile + B 7786545B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationFile + 6 77865AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationFile + B 77865AAB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationThread + 6 77865B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationThread + B 77865B0B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtUnmapViewOfSection + 6 77865E26 1 Byte [68]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtUnmapViewOfSection + 6 77865E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtUnmapViewOfSection + B 77865E2B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtCreateFile + 6 77864A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtCreateFile + B 77864A3B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtMapViewOfSection + 6 77865096 1 Byte [28]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtMapViewOfSection + 6 77865096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtMapViewOfSection + B 7786509B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenFile + 6 77865146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenFile + B 7786514B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenProcess + 6 778651F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenProcess + B 778651FB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenProcessToken + B 7786520B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenProcessTokenEx + 6 77865216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenProcessTokenEx + B 7786521B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenThread + 6 77865276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenThread + B 7786527B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenThreadToken + 6 77865286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenThreadToken + B 7786528B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtOpenThreadTokenEx + B 7786529B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtQueryAttributesFile + 6 778653A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtQueryAttributesFile + B 778653AB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtQueryFullAttributesFile + B 7786545B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtSetInformationFile + 6 77865AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtSetInformationFile + B 77865AAB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtSetInformationThread + 6 77865B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtSetInformationThread + B 77865B0B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtUnmapViewOfSection + 6 77865E26 1 Byte [68]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtUnmapViewOfSection + 6 77865E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5268] ntdll.dll!NtUnmapViewOfSection + B 77865E2B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtCreateFile + 6 77864A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtCreateFile + B 77864A3B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtMapViewOfSection + 6 77865096 1 Byte [28]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtMapViewOfSection + 6 77865096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtMapViewOfSection + B 7786509B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenFile + 6 77865146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenFile + B 7786514B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenProcess + 6 778651F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenProcess + B 778651FB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenProcessToken + B 7786520B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenProcessTokenEx + 6 77865216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenProcessTokenEx + B 7786521B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenThread + 6 77865276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenThread + B 7786527B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenThreadToken + 6 77865286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenThreadToken + B 7786528B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtOpenThreadTokenEx + B 7786529B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtQueryAttributesFile + 6 778653A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtQueryAttributesFile + B 778653AB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtQueryFullAttributesFile + B 7786545B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtSetInformationFile + 6 77865AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtSetInformationFile + B 77865AAB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtSetInformationThread + 6 77865B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtSetInformationThread + B 77865B0B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtUnmapViewOfSection + 6 77865E26 1 Byte [68]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtUnmapViewOfSection + 6 77865E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5452] ntdll.dll!NtUnmapViewOfSection + B 77865E2B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtCreateFile + 6 77864A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtCreateFile + B 77864A3B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + 6 77865096 1 Byte [28]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + 6 77865096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + B 7786509B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenFile + 6 77865146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenFile + B 7786514B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcess + 6 778651F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcess + B 778651FB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessToken + B 7786520B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessTokenEx + 6 77865216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessTokenEx + B 7786521B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThread + 6 77865276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThread + B 7786527B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadToken + 6 77865286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadToken + B 7786528B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadTokenEx + B 7786529B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryAttributesFile + 6 778653A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryAttributesFile + B 778653AB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryFullAttributesFile + B 7786545B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationFile + 6 77865AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationFile + B 77865AAB 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationThread + 6 77865B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationThread + B 77865B0B 1 Byte [E2]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + 6 77865E26 1 Byte [68]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + 6 77865E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + B 77865E2B 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744B2494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74495624] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744956E2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [744B250F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744A8573] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744A4D27] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744A50CE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744A51A3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744A66D0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744A82CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744A8819] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744A907A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744AE21D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1608] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744A4C59] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83E491F8
Device \FileSystem\fastfat \FatCdrom 856F71F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DC91F929-5B40-4452-B0C6-B920342FD0E1} 857251F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{737B43DA-056E-4A23-9864-9FC694780AD1} 857251F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 83E451F8
Device \FileSystem\fastfat \Fat 856F71F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d42a5e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6062998
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6062998@b8f93464de1c 0x7C 0x83 0xC7 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6062998@00247d4fe304 0xFA 0x2D 0xEE 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x73 0x91 0x8F 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d42a5e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6062998 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6062998@b8f93464de1c 0x7C 0x83 0xC7 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6062998@00247d4fe304 0xFA 0x2D 0xEE 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x1A 0x9A 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x51 0x69 0xC5 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDF 0x46 0x07 0x78 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2011-01-02 10:48:49
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastSuccessTime 2011-01-01 16:58:29
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1

---- EOF - GMER 1.0.15 ----