GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-18 11:37:01 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250310AS rev.3.AAA 232,88GB Running: 72w5r3qe.exe; Driver: C:\DOCUME~1\PIOTRE~1\USTAWI~1\Temp\kwlyrpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB68003C0, 0x843B7A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 1C, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1F, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 1C, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 1D, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913736 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1E, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 1D, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1E, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9137A7 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 1C, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9138D5 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 1D, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1E, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1F, 61, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 58, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 5B, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 58, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 59, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919C72 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5A, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 59, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5A, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919CE3 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 58, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B919E11 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 59, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5A, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5B, C6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AC26 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AC97 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91ADC5 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, D6, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 74, 56, 00] {SUB [ESI+EDX*2+0x0], DH} .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 77, 56, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 74, 56, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 75, 56, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912C8E .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 76, 56, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 75, 56, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 76, 56, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912CFF .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 74, 56, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912E2D .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 75, 56, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 76, 56, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 77, 56, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 78, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7B, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 78, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 79, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C092 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7A, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 79, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7A, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C103 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 78, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C231 .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 79, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7A, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7B, EA, 00] .text C:\Documents and Settings\Piotrek11\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3904] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x40 0xAF 0x6C 0xDB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF9 0xC9 0xA9 0x2C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x48 0x64 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x56 0x83 0x13 0xEB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x9A 0xBE 0x5C 0x32 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x81 0x52 0x91 0x14 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x40 0xAF 0x6C 0xDB ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF9 0xC9 0xA9 0x2C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x48 0x64 0x08 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x56 0x83 0x13 0xEB ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x9A 0xBE 0x5C 0x32 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x81 0x52 0x91 0x14 ... ---- EOF - GMER 2.1 ----