GMER 2.1.18952 - http://www.gmer.net Rootkit scan 2013-03-22 09:54:59 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800AAJS-00PSA0 rev.05.06H05 74,53GB Running: zejd9idq.exe; Driver: C:\DOCUME~1\NAUCZY~1\USTAWI~1\Temp\uxliapod.sys ---- System - GMER 2.1 ---- SSDT 86BB79E8 ZwAlertResumeThread SSDT 86E46B80 ZwAlertThread SSDT 86B9C928 ZwAllocateVirtualMemory SSDT 86E3E940 ZwAssignProcessToJobObject SSDT 86B01B28 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA930DED0] SSDT 86BBD7D8 ZwCreateMutant SSDT 86BBE080 ZwCreateSymbolicLinkObject SSDT 86EBDA98 ZwCreateThread SSDT 86E4B6F8 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA930E150] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA930E810] SSDT 86B7AA20 ZwDuplicateObject SSDT 86BB5698 ZwFreeVirtualMemory SSDT 86BBFA30 ZwImpersonateAnonymousToken SSDT 86BBE9E8 ZwImpersonateThread SSDT 86C97F08 ZwLoadDriver SSDT 86B9DBA8 ZwMapViewOfSection SSDT 86E47598 ZwOpenEvent SSDT 86B7D588 ZwOpenProcess SSDT 86B7C6E8 ZwOpenProcessToken SSDT 86EBCBD0 ZwOpenSection SSDT 86B7C720 ZwOpenThread SSDT 86E429E8 ZwProtectVirtualMemory SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xA930ED80] SSDT 86B9C458 ZwResumeThread SSDT 86BA76E8 ZwSetContextThread SSDT 86B98A20 ZwSetInformationProcess SSDT 86E67720 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA930EAA0] SSDT 86E638F8 ZwSuspendProcess SSDT 86B98550 ZwSuspendThread SSDT 86E53658 ZwTerminateProcess SSDT 86B9D6E8 ZwTerminateThread SSDT 86BBB9E8 ZwUnmapViewOfSection SSDT 86BA7BB8 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C0C 80504504 8 Bytes [E8, 79, BB, 86, 80, 6B, E4, ...] {CALL 0x8086bb7e; IMUL ESP, ESP, -0x7a} .text ntkrnlpa.exe!ZwCallbackReturn + 2C28 80504520 4 Bytes JMP 9948CC08 .text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 805045D8 4 Bytes [10, E8, 30, A9] .text ntkrnlpa.exe!ZwCallbackReturn + 2D48 80504640 4 Bytes [E8, E9, BB, 86] .text ntkrnlpa.exe!ZwCallbackReturn + 2E00 805046F8 4 Bytes [E8, 29, E4, 86] .text ... ? SYMDS.SYS Nie można odnaleźć określonego pliku. ! ? SYMEFA.SYS Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003F0048 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003D004C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003F020E .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003F012A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003F0682 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003F059E .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003F03D6 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003F02F2 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [5C, 88, EB, F9] {POP ESP; MOV BL, CH; STC } .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003F04BA .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003F0766 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[908] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003F0A0E .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003E0048 .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003C004C .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003E020E .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003E012A .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003E0682 .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003E059E .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003E03D6 .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003E02F2 .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [5B, 88, EB, F9] {POP EBX; MOV BL, CH; STC } .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003E04BA .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003E0766 .text C:\Program Files\Java\jre7\bin\jqs.exe[1632] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003E084A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00380048 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0036004C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 0038020E .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 0038012A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 00380682 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 0038059E .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003803D6 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003802F2 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC } .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003804BA .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 00380766 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1668] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0038084A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 0039020E .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 0039012A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 00390682 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 0039059E .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003903D6 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003902F2 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC } .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003904BA .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 00390766 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1712] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0039084A .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003E0048 .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003C004C .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] user32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003E012A .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003E02F0 .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003E020C .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003E0764 .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003E0680 .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003E04B8 .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 7 Bytes JMP 003E03D4 .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003E059C .text C:\Documents and Settings\Nauczyciele\Pulpit\OTL.exe[1856] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003E0848 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003D0048 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003B004C .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003D020E .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003D012A .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003D0682 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003D059E .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003D03D6 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003D02F2 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [5A, 88, EB, F9] {POP EDX; MOV BL, CH; STC } .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003D04BA .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003D0766 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1864] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003D084A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00380048 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0036004C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 0038020E .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 0038012A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 00380682 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 0038059E .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003803D6 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003802F2 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC } .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003804BA .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 00380766 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1960] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0038084A .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00320048 .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0030004C .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 016E3C70 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01A36096 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01A36073 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 0170553C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0032012A .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01A35FF4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003202F0 .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 0032020C .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 00320764 .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 00320680 .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003204B8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 7 Bytes JMP 003203D4 .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 0032059C .text C:\Program Files\Mozilla Firefox\firefox.exe[2408] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 00320848 .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003E0048 .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003C004C .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003E020E .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003E012A .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003E0682 .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003E059E .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003E03D6 .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003E02F2 .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [5B, 88, EB, F9] {POP EBX; MOV BL, CH; STC } .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003E04BA .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003E0766 .text C:\Documents and Settings\Nauczyciele\Pulpit\zejd9idq.exe[3928] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003E084A ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 2.1 ----