GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-26 16:57:32 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001d ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB Running: violcby7.exe; Driver: C:\Users\Marzena\AppData\Local\Temp\kxrdypow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffee4ec4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffee4ec4fcc 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffee4ec52a6 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffee4ec549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffee4ec583f 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffee4ec5895 8 bytes [10, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffee4ec5a44 8 bytes [00, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffee4ec5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffee4f40780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffee4f40900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffee4f40930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffee4f40a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffee4f40b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffee4f411c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffee4f414c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffee4f41d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 00000000770b13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 00000000770b1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 00000000770b1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 00000000770b1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000770b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000770b16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[7336] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 00000000770b1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffee4ec4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffee4ec4fcc 8 bytes [50, 6E, 15, 7F, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffee4ec52a6 8 bytes [40, 6E, 15, 7F, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffee4ec549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffee4ec583f 8 bytes [20, 6E, 15, 7F, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffee4ec5895 8 bytes [10, 6E, 15, 7F, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffee4ec5a44 8 bytes [00, 6E, 15, 7F, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffee4ec5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffee4f40780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffee4f40900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffee4f40930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffee4f40a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffee4f40b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffee4f411c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffee4f414c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffee4f41d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 00000000770b13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 00000000770b1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 00000000770b1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 00000000770b1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000770b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000770b16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7208] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 00000000770b1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffee4ec4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffee4ec4fcc 8 bytes [50, 6E, D5, 7E, 00, 00, 00, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffee4ec52a6 8 bytes [40, 6E, D5, 7E, 00, 00, 00, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffee4ec549f 8 bytes {JMP 0xffffffffffffffee} .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffee4ec583f 8 bytes [20, 6E, D5, 7E, 00, 00, 00, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffee4ec5895 8 bytes [10, 6E, D5, 7E, 00, 00, 00, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffee4ec5a44 8 bytes [00, 6E, D5, 7E, 00, 00, 00, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffee4ec5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffee4f40780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffee4f40900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffee4f40930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffee4f40a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffee4f40b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffee4f411c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffee4f414c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffee4f41d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 00000000770b13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 00000000770b1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 00000000770b1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 00000000770b1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000770b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000770b16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\WINDOWS\SysWOW64\RunDll32.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 00000000770b1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffee4ec4ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffee4ec4fcc 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffee4ec52a6 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffee4ec549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffee4ec583f 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffee4ec5895 8 bytes [10, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffee4ec5a44 8 bytes [00, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffee4ec5fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffee4f40780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffee4f40900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffee4f40930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffee4f40a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffee4f40b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffee4f411c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffee4f414c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffee4f41d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 00000000770b13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 00000000770b1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 00000000770b1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 00000000770b1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000770b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000770b16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marzena\Desktop\Diagnostyka\violcby7.exe[5336] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 00000000770b1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [1700:1372] fffff9600096a2d0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SDC47520_00_07DC_83^D3272F51DF4864CAA642E249F161E39B@Timestamp 0xD2 0xEC 0x01 0xB8 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -435316835 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 17611052 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 17610715 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 17610716 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 17611004 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 263 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 3768 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x49 0x6A 0x22 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 5 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\142d27ed5ba4 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{6A45253A-E805-4C24-8293-0452CFF353C9}@DefunctTimestamp 0x2E 0xCD 0x87 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\a4-2b-b0-cc-e6-24@UPnPState 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\a4-2b-b0-cc-e6-24@AddressCreationTimestamp 0x36 0x5E 0x98 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\a4-2b-b0-cc-e6-24@TeredoAddress 2001:0:d5c:5a30:28f3:1246:acfb:ecc6 Reg HKLM\SYSTEM\CurrentControlSet\Services\KLIF\Parameters@CheckVersion 324 Reg HKLM\SYSTEM\CurrentControlSet\Services\RtlWlanu\Parameters\Wdf@TimeOfLastSqmLog 0x9A 0x78 0x15 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 12239 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 5697 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1794 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48CCB77C-C349-4213-B029-B8F845657041}@LeaseObtainedTime 1485294894 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48CCB77C-C349-4213-B029-B8F845657041}@T1 1485338094 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48CCB77C-C349-4213-B029-B8F845657041}@T2 1485370494 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48CCB77C-C349-4213-B029-B8F845657041}@LeaseTerminatesTime 1485381294 Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters\Interfaces\{48CCB77C-C349-4213-B029-B8F845657041}@Dhcpv6State 1 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----