GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-22 21:12:15
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer.exe; Driver: C:\Users\Cisu\AppData\Local\Temp\aftcaaog.sys

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13AD  83E60579 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  83E84F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\windows\system32\DRIVERS\lirsgt.sys  section is writeable [0xA29C0300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\windows\Explorer.EXE[1708] WS2_32.dll!WSASend  772668A7 5 Bytes  JMP 045B0000
.text  C:\windows\Explorer.EXE[1708] WS2_32.dll!send  7726C4C8 5 Bytes  JMP 036D0000
.text  C:\windows\Explorer.EXE[1708] WININET.dll!HttpSendRequestW  772BEEF3 5 Bytes  JMP 05960000
.text  C:\windows\Explorer.EXE[1708] WININET.dll!HttpSendRequestA  773300FC 1 Byte  [E9]
.text  C:\windows\Explorer.EXE[1708] WININET.dll!HttpSendRequestA  773300FC 5 Bytes  JMP 05F10000
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtCreateFile + 6  77754A16 4 Bytes  [28, D8, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtCreateFile + B  77754A1B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtMapViewOfSection + 6  77755076 4 Bytes  [28, DB, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtMapViewOfSection + B  7775507B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenFile + 6  77755126 4 Bytes  [68, D8, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenFile + B  7775512B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenProcess + 6  777551D6 4 Bytes  [A8, D9, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenProcess + B  777551DB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenProcessToken + B  777551EB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenProcessTokenEx + 6  777551F6 4 Bytes  [A8, DA, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenProcessTokenEx + B  777551FB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenThread + 6  77755256 4 Bytes  [68, D9, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenThread + B  7775525B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenThreadToken + 6  77755266 4 Bytes  [68, DA, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenThreadToken + B  7775526B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtOpenThreadTokenEx + B  7775527B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtQueryAttributesFile + 6  77755386 4 Bytes  [A8, D8, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtQueryAttributesFile + B  7775538B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtQueryFullAttributesFile + B  7775543B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtSetInformationFile + 6  77755A86 4 Bytes  [28, D9, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtSetInformationFile + B  77755A8B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtSetInformationThread + 6  77755AE6 4 Bytes  [28, DA, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtSetInformationThread + B  77755AEB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtUnmapViewOfSection + 6  77755E06 4 Bytes  [68, DB, AF, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[3104] ntdll.dll!NtUnmapViewOfSection + B  77755E0B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\egsbcy.exe[3216] WININET.dll!HttpSendRequestW  772BEEF3 5 Bytes  JMP 005B0000
.text  C:\Users\Cisu\AppData\Local\egsbcy.exe[3216] WININET.dll!HttpSendRequestA  773300FC 1 Byte  [E9]
.text  C:\Users\Cisu\AppData\Local\egsbcy.exe[3216] WININET.dll!HttpSendRequestA  773300FC 5 Bytes  JMP 005C0000
.text  C:\Users\Cisu\AppData\Local\egsbcy.exe[3216] ws2_32.dll!WSASend  772668A7 5 Bytes  JMP 005A0000
.text  C:\Users\Cisu\AppData\Local\egsbcy.exe[3216] ws2_32.dll!send  7726C4C8 5 Bytes  JMP 00590000
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] WININET.dll!HttpSendRequestW  772BEEF3 5 Bytes  JMP 003D0000
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] WININET.dll!HttpSendRequestA  773300FC 1 Byte  [E9]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] WININET.dll!HttpSendRequestA  773300FC 5 Bytes  JMP 003E0000
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ws2_32.dll!WSASend  772668A7 5 Bytes  JMP 003C0000
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ws2_32.dll!send  7726C4C8 5 Bytes  JMP 00250000
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4672] WS2_32.dll!WSASend  772668A7 5 Bytes  JMP 03F30000
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4672] WS2_32.dll!send  7726C4C8 5 Bytes  JMP 033A0000
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4672] wininet.dll!HttpSendRequestW  772BEEF3 5 Bytes  JMP 03F40000
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4672] wininet.dll!HttpSendRequestA  773300FC 1 Byte  [E9]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4672] wininet.dll!HttpSendRequestA  773300FC 5 Bytes  JMP 04150000
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtCreateFile + 6  77754A16 4 Bytes  [28, A8, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtCreateFile + B  77754A1B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtMapViewOfSection + 6  77755076 4 Bytes  [28, AB, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtMapViewOfSection + B  7775507B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenFile + 6  77755126 4 Bytes  [68, A8, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenFile + B  7775512B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenProcess + 6  777551D6 4 Bytes  [A8, A9, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenProcess + B  777551DB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenProcessToken + B  777551EB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenProcessTokenEx + 6  777551F6 4 Bytes  [A8, AA, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenProcessTokenEx + B  777551FB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenThread + 6  77755256 4 Bytes  [68, A9, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenThread + B  7775525B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenThreadToken + 6  77755266 4 Bytes  [68, AA, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenThreadToken + B  7775526B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtOpenThreadTokenEx + B  7775527B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtQueryAttributesFile + 6  77755386 4 Bytes  [A8, A8, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtQueryAttributesFile + B  7775538B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtQueryFullAttributesFile + B  7775543B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtSetInformationFile + 6  77755A86 4 Bytes  [28, A9, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtSetInformationFile + B  77755A8B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtSetInformationThread + 6  77755AE6 4 Bytes  [28, AA, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtSetInformationThread + B  77755AEB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtUnmapViewOfSection + 6  77755E06 4 Bytes  [68, AB, D6, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4776] ntdll.dll!NtUnmapViewOfSection + B  77755E0B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtCreateFile + 6  77754A16 4 Bytes  [28, AC, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtCreateFile + B  77754A1B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtMapViewOfSection + 6  77755076 4 Bytes  [28, AF, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtMapViewOfSection + B  7775507B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenFile + 6  77755126 4 Bytes  [68, AC, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenFile + B  7775512B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenProcess + 6  777551D6 4 Bytes  [A8, AD, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenProcess + B  777551DB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenProcessToken + B  777551EB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenProcessTokenEx + 6  777551F6 4 Bytes  [A8, AE, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenProcessTokenEx + B  777551FB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenThread + 6  77755256 4 Bytes  [68, AD, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenThread + B  7775525B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenThreadToken + 6  77755266 4 Bytes  [68, AE, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenThreadToken + B  7775526B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtOpenThreadTokenEx + B  7775527B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtQueryAttributesFile + 6  77755386 4 Bytes  [A8, AC, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtQueryAttributesFile + B  7775538B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtQueryFullAttributesFile + B  7775543B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtSetInformationFile + 6  77755A86 4 Bytes  [28, AD, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtSetInformationFile + B  77755A8B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtSetInformationThread + 6  77755AE6 4 Bytes  [28, AE, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtSetInformationThread + B  77755AEB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtUnmapViewOfSection + 6  77755E06 4 Bytes  [68, AF, 99, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[4872] ntdll.dll!NtUnmapViewOfSection + B  77755E0B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtCreateFile + 6  77754A16 4 Bytes  [28, 58, 33, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtCreateFile + B  77754A1B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtMapViewOfSection + 6  77755076 4 Bytes  [28, 5B, 33, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtMapViewOfSection + B  7775507B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenFile + 6  77755126 4 Bytes  [68, 58, 33, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenFile + B  7775512B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcess + 6  777551D6 4 Bytes  [A8, 59, 33, 00] {TEST AL, 0x59; XOR EAX, [EAX]}
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcess + B  777551DB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcessToken + B  777551EB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcessTokenEx + 6  777551F6 4 Bytes  [A8, 5A, 33, 00] {TEST AL, 0x5a; XOR EAX, [EAX]}
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcessTokenEx + B  777551FB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThread + 6  77755256 4 Bytes  [68, 59, 33, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThread + B  7775525B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThreadToken + 6  77755266 4 Bytes  [68, 5A, 33, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThreadToken + B  7775526B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThreadTokenEx + B  7775527B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtQueryAttributesFile + 6  77755386 4 Bytes  [A8, 58, 33, 00] {TEST AL, 0x58; XOR EAX, [EAX]}
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtQueryAttributesFile + B  7775538B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtQueryFullAttributesFile + B  7775543B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationFile + 6  77755A86 4 Bytes  [28, 59, 33, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationFile + B  77755A8B 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationThread + 6  77755AE6 4 Bytes  [28, 5A, 33, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationThread + B  77755AEB 1 Byte  [E2]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtUnmapViewOfSection + 6  77755E06 4 Bytes  [68, 5B, 33, 00]
.text  C:\Users\Cisu\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtUnmapViewOfSection + B  77755E0B 1 Byte  [E2]

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree]  [7443250F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc]  [74432494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]  [74415624] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]  [744156E2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]  [74428573] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]  [74424D27] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]  [744250CE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]  [744251A3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [744266D0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]  [744282CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]  [74428819] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]  [7442907A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]  [7442E21D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT  C:\windows\Explorer.EXE[1708] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]  [74424C59] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f493
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6d7fd80
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6d7fd80@0019b74ccde3  0x26 0xC4 0xCF 0xF6 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6d7fd80@001eb23dc6d8  0x00 0xBD 0xC9 0x73 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export