GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-07 21:47:00 Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 298,09GB Running: 9vyx3drl.exe; Driver: C:\Users\GRZE~1\AppData\Local\Temp\kgloqpow.sys ---- System - GMER 2.1 ---- SSDT 8D5FEE56 ZwCreateSection SSDT 8D5FEE60 ZwRequestWaitReplyPort SSDT 8D5FEE5B ZwSetContextThread SSDT 8D5FEE65 ZwSetSecurityObject SSDT 8D5FEE6A ZwSystemDebugControl SSDT 8D5FEDF7 ZwTerminateProcess INT 0x72 ? 86FB5BF8 INT 0x82 ? 86FB5BF8 INT 0x92 ? 86FB5BF8 INT 0xA2 ? 86FB5BF8 INT 0xB2 ? 857C1BF8 INT 0xB2 ? 86FB5BF8 INT 0xB2 ? 86FB5BF8 INT 0xB2 ? 86FB5BF8 INT 0xB2 ? 857C1BF8 ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!KeInsertQueue + 405 824709CC 4 Bytes [56, EE, 5F, 8D] .text ntoskrnl.exe!KeInsertQueue + 729 82470CF0 4 Bytes [60, EE, 5F, 8D] .text ntoskrnl.exe!KeInsertQueue + 75D 82470D24 4 Bytes [5B, EE, 5F, 8D] .text ntoskrnl.exe!KeInsertQueue + 7C1 82470D88 4 Bytes [65, EE, 5F, 8D] .text ntoskrnl.exe!KeInsertQueue + 809 82470DD0 4 Bytes [6A, EE, 5F, 8D] .text ... ? System32\Drivers\spwc.sys System nie może odnaleźć określonej ścieżki. ! ? \Programy\DAEMON Tools Lite\Engine.dll System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtCreateFile + 6 76EF7C7E 4 Bytes [28, EC, E5, 00] {SUB AH, CH; IN EAX, 0x0} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtCreateFile + B 76EF7C83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtMapViewOfSection + 6 76EF83CE 4 Bytes [28, EF, E5, 00] {SUB BH, CH; IN EAX, 0x0} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtMapViewOfSection + B 76EF83D3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenFile + 6 76EF845E 4 Bytes [68, EC, E5, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenFile + B 76EF8463 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcess + 6 76EF84DE 4 Bytes [A8, ED, E5, 00] {TEST AL, 0xed; IN EAX, 0x0} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcess + B 76EF84E3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessToken + 6 76EF84EE 4 Bytes CALL 75F06AE0 C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessToken + B 76EF84F3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessTokenEx + 6 76EF84FE 4 Bytes [A8, EE, E5, 00] {TEST AL, 0xee; IN EAX, 0x0} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessTokenEx + B 76EF8503 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThread + 6 76EF854E 4 Bytes [68, ED, E5, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThread + B 76EF8553 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadToken + 6 76EF855E 4 Bytes [68, EE, E5, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadToken + B 76EF8563 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadTokenEx + 6 76EF856E 4 Bytes CALL 75F06B61 C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadTokenEx + B 76EF8573 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryAttributesFile + 6 76EF85FE 4 Bytes [A8, EC, E5, 00] {TEST AL, 0xec; IN EAX, 0x0} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryAttributesFile + B 76EF8603 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryFullAttributesFile + 6 76EF86AE 4 Bytes CALL 75F06C9F C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryFullAttributesFile + B 76EF86B3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationFile + 6 76EF8B8E 4 Bytes [28, ED, E5, 00] {SUB CH, CH; IN EAX, 0x0} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationFile + B 76EF8B93 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationThread + 6 76EF8BDE 4 Bytes [28, EE, E5, 00] {SUB DH, CH; IN EAX, 0x0} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationThread + B 76EF8BE3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtUnmapViewOfSection + 6 76EF8E7E 4 Bytes [68, EF, E5, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtUnmapViewOfSection + B 76EF8E83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtCreateFile + 6 76EF7C7E 4 Bytes [28, 98, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtCreateFile + B 76EF7C83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtMapViewOfSection + 6 76EF83CE 4 Bytes [28, 9B, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtMapViewOfSection + B 76EF83D3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenFile + 6 76EF845E 4 Bytes [68, 98, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenFile + B 76EF8463 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcess + 6 76EF84DE 4 Bytes [A8, 99, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcess + B 76EF84E3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessToken + 6 76EF84EE 4 Bytes CALL 75F03E8C C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessToken + B 76EF84F3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessTokenEx + 6 76EF84FE 4 Bytes [A8, 9A, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessTokenEx + B 76EF8503 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThread + 6 76EF854E 4 Bytes [68, 99, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThread + B 76EF8553 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadToken + 6 76EF855E 4 Bytes [68, 9A, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadToken + B 76EF8563 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadTokenEx + 6 76EF856E 4 Bytes CALL 75F03F0D C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadTokenEx + B 76EF8573 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryAttributesFile + 6 76EF85FE 4 Bytes [A8, 98, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryAttributesFile + B 76EF8603 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryFullAttributesFile + 6 76EF86AE 4 Bytes CALL 75F0404B C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryFullAttributesFile + B 76EF86B3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationFile + 6 76EF8B8E 4 Bytes [28, 99, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationFile + B 76EF8B93 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationThread + 6 76EF8BDE 4 Bytes [28, 9A, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationThread + B 76EF8BE3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtUnmapViewOfSection + 6 76EF8E7E 4 Bytes [68, 9B, B9, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtUnmapViewOfSection + B 76EF8E83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + 6 76EF7C7E 4 Bytes [28, 48, 7C, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + B 76EF7C83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + 6 76EF83CE 4 Bytes [28, 4B, 7C, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + B 76EF83D3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + 6 76EF845E 4 Bytes [68, 48, 7C, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + B 76EF8463 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + 6 76EF84DE 4 Bytes [A8, 49, 7C, 00] {TEST AL, 0x49; JL 0x4} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + B 76EF84E3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + 6 76EF84EE 4 Bytes CALL 75F0013C C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + B 76EF84F3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + 6 76EF84FE 4 Bytes [A8, 4A, 7C, 00] {TEST AL, 0x4a; JL 0x4} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + B 76EF8503 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + 6 76EF854E 4 Bytes [68, 49, 7C, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + B 76EF8553 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + 6 76EF855E 4 Bytes [68, 4A, 7C, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + B 76EF8563 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + 6 76EF856E 4 Bytes CALL 75F001BD C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + B 76EF8573 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + 6 76EF85FE 4 Bytes [A8, 48, 7C, 00] {TEST AL, 0x48; JL 0x4} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + B 76EF8603 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + 6 76EF86AE 4 Bytes CALL 75F002FB C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + B 76EF86B3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + 6 76EF8B8E 4 Bytes [28, 49, 7C, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + B 76EF8B93 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + 6 76EF8BDE 4 Bytes [28, 4A, 7C, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + B 76EF8BE3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + 6 76EF8E7E 4 Bytes [68, 4B, 7C, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + B 76EF8E83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtCreateFile + 6 76EF7C7E 4 Bytes [28, B8, D3, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtCreateFile + B 76EF7C83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtMapViewOfSection + 6 76EF83CE 4 Bytes [28, BB, D3, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtMapViewOfSection + B 76EF83D3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenFile + 6 76EF845E 4 Bytes [68, B8, D3, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenFile + B 76EF8463 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenProcess + 6 76EF84DE 4 Bytes [A8, B9, D3, 00] {TEST AL, 0xb9; ROL [EAX], CL} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenProcess + B 76EF84E3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenProcessToken + 6 76EF84EE 4 Bytes CALL 75F058AC C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenProcessToken + B 76EF84F3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenProcessTokenEx + 6 76EF84FE 4 Bytes [A8, BA, D3, 00] {TEST AL, 0xba; ROL [EAX], CL} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenProcessTokenEx + B 76EF8503 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenThread + 6 76EF854E 4 Bytes [68, B9, D3, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenThread + B 76EF8553 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenThreadToken + 6 76EF855E 4 Bytes [68, BA, D3, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenThreadToken + B 76EF8563 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenThreadTokenEx + 6 76EF856E 4 Bytes CALL 75F0592D C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtOpenThreadTokenEx + B 76EF8573 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtQueryAttributesFile + 6 76EF85FE 4 Bytes [A8, B8, D3, 00] {TEST AL, 0xb8; ROL [EAX], CL} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtQueryAttributesFile + B 76EF8603 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtQueryFullAttributesFile + 6 76EF86AE 4 Bytes CALL 75F05A6B C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtQueryFullAttributesFile + B 76EF86B3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtSetInformationFile + 6 76EF8B8E 4 Bytes [28, B9, D3, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtSetInformationFile + B 76EF8B93 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtSetInformationThread + 6 76EF8BDE 4 Bytes [28, BA, D3, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtSetInformationThread + B 76EF8BE3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtUnmapViewOfSection + 6 76EF8E7E 4 Bytes [68, BB, D3, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtUnmapViewOfSection + B 76EF8E83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtCreateFile + 6 76EF7C7E 4 Bytes [28, 3C, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtCreateFile + B 76EF7C83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtMapViewOfSection + 6 76EF83CE 4 Bytes [28, 3F, 33, 00] {SUB [EDI], BH; XOR EAX, [EAX]} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtMapViewOfSection + B 76EF83D3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenFile + 6 76EF845E 4 Bytes [68, 3C, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenFile + B 76EF8463 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcess + 6 76EF84DE 4 Bytes [A8, 3D, 33, 00] {TEST AL, 0x3d; XOR EAX, [EAX]} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcess + B 76EF84E3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcessToken + 6 76EF84EE 4 Bytes CALL 75EFB830 C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcessToken + B 76EF84F3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcessTokenEx + 6 76EF84FE 4 Bytes [A8, 3E, 33, 00] {TEST AL, 0x3e; XOR EAX, [EAX]} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcessTokenEx + B 76EF8503 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThread + 6 76EF854E 4 Bytes [68, 3D, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThread + B 76EF8553 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThreadToken + 6 76EF855E 4 Bytes [68, 3E, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThreadToken + B 76EF8563 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThreadTokenEx + 6 76EF856E 4 Bytes CALL 75EFB8B1 C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThreadTokenEx + B 76EF8573 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtQueryAttributesFile + 6 76EF85FE 4 Bytes [A8, 3C, 33, 00] {TEST AL, 0x3c; XOR EAX, [EAX]} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtQueryAttributesFile + B 76EF8603 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtQueryFullAttributesFile + 6 76EF86AE 4 Bytes CALL 75EFB9EF C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtQueryFullAttributesFile + B 76EF86B3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtSetInformationFile + 6 76EF8B8E 4 Bytes [28, 3D, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtSetInformationFile + B 76EF8B93 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtSetInformationThread + 6 76EF8BDE 4 Bytes [28, 3E, 33, 00] {SUB [ESI], BH; XOR EAX, [EAX]} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtSetInformationThread + B 76EF8BE3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtUnmapViewOfSection + 6 76EF8E7E 4 Bytes [68, 3F, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtUnmapViewOfSection + B 76EF8E83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtCreateFile + 6 76EF7C7E 4 Bytes [28, B4, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtCreateFile + B 76EF7C83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtMapViewOfSection + 6 76EF83CE 4 Bytes [28, B7, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtMapViewOfSection + B 76EF83D3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenFile + 6 76EF845E 4 Bytes [68, B4, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenFile + B 76EF8463 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcess + 6 76EF84DE 4 Bytes [A8, B5, 33, 00] {TEST AL, 0xb5; XOR EAX, [EAX]} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcess + B 76EF84E3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessToken + 6 76EF84EE 4 Bytes CALL 75EFB8A8 C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessToken + B 76EF84F3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessTokenEx + 6 76EF84FE 4 Bytes [A8, B6, 33, 00] {TEST AL, 0xb6; XOR EAX, [EAX]} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessTokenEx + B 76EF8503 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThread + 6 76EF854E 4 Bytes [68, B5, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThread + B 76EF8553 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadToken + 6 76EF855E 4 Bytes [68, B6, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadToken + B 76EF8563 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadTokenEx + 6 76EF856E 4 Bytes CALL 75EFB929 C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadTokenEx + B 76EF8573 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryAttributesFile + 6 76EF85FE 4 Bytes [A8, B4, 33, 00] {TEST AL, 0xb4; XOR EAX, [EAX]} .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryAttributesFile + B 76EF8603 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryFullAttributesFile + 6 76EF86AE 4 Bytes CALL 75EFBA67 C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryFullAttributesFile + B 76EF86B3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationFile + 6 76EF8B8E 4 Bytes [28, B5, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationFile + B 76EF8B93 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationThread + 6 76EF8BDE 4 Bytes [28, B6, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationThread + B 76EF8BE3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtUnmapViewOfSection + 6 76EF8E7E 4 Bytes [68, B7, 33, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtUnmapViewOfSection + B 76EF8E83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtCreateFile + 6 76EF7C7E 4 Bytes [28, 3C, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtCreateFile + B 76EF7C83 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + 6 76EF83CE 4 Bytes [28, 3F, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + B 76EF83D3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenFile + 6 76EF845E 4 Bytes [68, 3C, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenFile + B 76EF8463 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcess + 6 76EF84DE 4 Bytes [A8, 3D, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcess + B 76EF84E3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessToken + 6 76EF84EE 4 Bytes CALL 75EFD630 C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessToken + B 76EF84F3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessTokenEx + 6 76EF84FE 4 Bytes [A8, 3E, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessTokenEx + B 76EF8503 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThread + 6 76EF854E 4 Bytes [68, 3D, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThread + B 76EF8553 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadToken + 6 76EF855E 4 Bytes [68, 3E, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadToken + B 76EF8563 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadTokenEx + 6 76EF856E 4 Bytes CALL 75EFD6B1 C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadTokenEx + B 76EF8573 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryAttributesFile + 6 76EF85FE 4 Bytes [A8, 3C, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryAttributesFile + B 76EF8603 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryFullAttributesFile + 6 76EF86AE 4 Bytes CALL 75EFD7EF C:\Windows\system32\SHELL32.dll .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryFullAttributesFile + B 76EF86B3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationFile + 6 76EF8B8E 4 Bytes [28, 3D, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationFile + B 76EF8B93 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationThread + 6 76EF8BDE 4 Bytes [28, 3E, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationThread + B 76EF8BE3 1 Byte [E2] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtUnmapViewOfSection + 6 76EF8E7E 4 Bytes [68, 3F, 51, 00] .text C:\Users\Grześ\AppData\Local\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtUnmapViewOfSection + B 76EF8E83 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73AE8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B29855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73AEB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73ADFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73AE7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73ADEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73B1B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73AEBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73AE0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73AE06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73AD71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73B6D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73B07329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73ADE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73AD697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73AD69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73AE2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73AE8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73B29855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73AEB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73ADFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73AE7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73ADEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73B1B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73AEBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73AE0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73AE06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73AD71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73B6D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73B07329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73ADE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73AD697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73AD69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll IAT C:\Windows\Explorer.exe[3412] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73AE2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 857C41F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\volmgr \Device\VolMgrControl 857BF1F8 Device \Driver\usbuhci \Device\USBPDO-0 854871F8 Device \Driver\netbt \Device\NetBT_Tcpip_{5BFDD8BC-89AC-49C8-BA5A-23778EAB30DF} 87AA9500 Device \Driver\usbuhci \Device\USBPDO-1 854871F8 Device \Driver\usbuhci \Device\USBPDO-2 854871F8 Device \Driver\usbehci \Device\USBPDO-3 86FEB1F8 Device \Driver\usbuhci \Device\USBPDO-4 854871F8 Device \Driver\usbuhci \Device\USBPDO-5 854871F8 Device \Driver\usbuhci \Device\USBPDO-6 854871F8 Device \Driver\volmgr \Device\HarddiskVolume1 857BF1F8 Device \Driver\usbehci \Device\USBPDO-7 86FEB1F8 Device \Driver\volmgr \Device\HarddiskVolume2 857BF1F8 Device \Driver\cdrom \Device\CdRom0 870361F8 Device \Driver\netbt \Device\NetBT_Tcpip_{B5C32751-2BFD-4EBC-9CEC-EDEC74446805} 87AA9500 Device \Driver\volmgr \Device\HarddiskVolume3 857BF1F8 Device \Driver\iaStor \Device\Ide\iaStor0 [8A4A60B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8A4A60B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8A4A60B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\BTHUSB \Device\00000074 bthport.sys Device \Driver\BTHUSB \Device\00000076 bthport.sys Device \Driver\netbt \Device\NetBt_Wins_Export 87AA9500 Device \Driver\Smb \Device\NetbiosSmb 87AA81F8 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spwc.sys hal.dll >>UNKNOWN [0x85778938]<< 85778938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86335ac8] 86335ac8 Trace 3 CLASSPNP.SYS[8a9a3745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8582d028] 8582d028 ---- Processes - GMER 2.1 ---- Process (*** hidden *** ) [4] 849E17D0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@fce557532743 0x85 0xA5 0x39 0x53 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@00234507a7cd 0x47 0x6D 0x24 0xED ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@001c35f9ef43 0x96 0x95 0x78 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@0015b9a9da9f 0xED 0x2B 0x78 0xCA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@dca97133358c 0x63 0x3A 0x37 0x42 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@183f471676ff 0x98 0x64 0x2A 0x21 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@e4b0212afa6b 0x30 0x8F 0xDC 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@980d2e099fde 0x75 0x0E 0xD5 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xC4 0x83 0xF0 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@fce557532743 0x85 0xA5 0x39 0x53 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@00234507a7cd 0x47 0x6D 0x24 0xED ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@001c35f9ef43 0x96 0x95 0x78 0xE4 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@0015b9a9da9f 0xED 0x2B 0x78 0xCA ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@dca97133358c 0x63 0x3A 0x37 0x42 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@183f471676ff 0x98 0x64 0x2A 0x21 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@e4b0212afa6b 0x30 0x8F 0xDC 0x55 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@980d2e099fde 0x75 0x0E 0xD5 0x18 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xC4 0x83 0xF0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x83 0xB0 0x79 0x28 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x76 0xF8 0x36 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5E 0x35 0xAA 0xA5 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----