GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-09-23 19:37:32 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3120026A rev.3.06 Running: kuinukte.exe; Driver: C:\DOCUME~1\mwosko\USTAWI~1\Temp\uwtdypod.sys ---- System - GMER 1.0.15 ---- SSDT spbs.sys ZwCreateKey [0xF74E40E0] SSDT spbs.sys ZwEnumerateKey [0xF74FCDA4] SSDT spbs.sys ZwEnumerateValueKey [0xF74FD132] SSDT spbs.sys ZwOpenKey [0xF74E40C0] SSDT spbs.sys ZwQueryKey [0xF74FD20A] SSDT spbs.sys ZwQueryValueKey [0xF74FD08A] SSDT spbs.sys ZwSetValueKey [0xF74FD29C] INT 0x73 ? 89785E08 INT 0x73 ? 89785E08 INT 0x83 ? 89BA1BF8 INT 0x83 ? 89BA1BF8 INT 0x83 ? 89785E08 INT 0x83 ? 89BA1BF8 INT 0xA4 ? 89785E08 INT 0xB4 ? 89785E08 ---- Kernel code sections - GMER 1.0.15 ---- ? spbs.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB99BD000, 0x198FE0, 0xE8000020] .text USBPORT.SYS!DllUnload B91768AC 5 Bytes JMP 897853E8 init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB909CF80] .text aqul28n9.SYS B900E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text aqul28n9.SYS B900E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aqul28n9.SYS B900E3C4 3 Bytes [00, 80, 02] .text aqul28n9.SYS B900E3C9 1 Byte [30] .text aqul28n9.SYS B900E3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1880] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2032] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3244] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104B229C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3244] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 104B2861 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Mozilla Firefox\firefox.exe[3828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89C132D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750FDDC] spbs.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750FE30] spbs.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74E5042] spbs.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74E513E] spbs.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74E50C0] spbs.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E5800] spbs.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E56D6] spbs.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 897854E8 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!swprintf] 001CBA86 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IofCallDriver] 001CC186 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!sprintf] 968D5140 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoStartTimer] 000022C0 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!ZwCreateKey] C6000000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoStartPacket] 538B0000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoFreeMdl] E8500000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmUnlockPages] 00002280 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeSetTimer] F6317300 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!_allmul] 74070647 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!_except_handler3] 05578A0B IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!_aulldiv] 03087408 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!strstr] 72F93B3F IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!_strupr] 8A09EBDA IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!KeTickCount] 88084B8A IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!memmove] 18C48300 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\aqul28n9.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1036] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010 IAT C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1748] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010 IAT C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010 IAT C:\Documents and Settings\mwosko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3560] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89BA01F8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \FileSystem\Fastfat \FatCdrom 88B891F8 Device \Driver\PCI_PNP4542 \Device\00000042 spbs.sys Device \Driver\PCI_PNP4542 \Device\00000042 spbs.sys Device \Driver\usbuhci \Device\USBPDO-0 89836500 Device \Driver\NetBT \Device\NetBT_Tcpip_{E4EAD1C3-4B86-428D-B95B-27F4EBCE9B68} 892161F8 Device \Driver\usbuhci \Device\USBPDO-1 89836500 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C111F8 Device \Driver\dmio \Device\DmControl\DmConfig 89C111F8 Device \Driver\dmio \Device\DmControl\DmPnP 89C111F8 Device \Driver\dmio \Device\DmControl\DmInfo 89C111F8 Device \Driver\sptd \Device\2088768292 spbs.sys Device \Driver\usbuhci \Device\USBPDO-2 89836500 Device \Driver\usbuhci \Device\USBPDO-3 89836500 Device \Driver\usbehci \Device\USBPDO-4 897A2428 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) Device \Driver\Ftdisk \Device\HarddiskVolume1 89BA21F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89BA21F8 Device \Driver\Cdrom \Device\CdRom0 89902500 Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume3 89BA21F8 Device \Driver\Ftdisk \Device\HarddiskVolume4 89BA21F8 Device \Driver\Ftdisk \Device\HarddiskVolume5 89BA21F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 892161F8 Device \Driver\NetBT \Device\NetbiosSmb 892161F8 Device \Driver\usbuhci \Device\USBFDO-0 89836500 Device \Driver\usbuhci \Device\USBFDO-1 89836500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 891A51F8 Device \Driver\usbuhci \Device\USBFDO-2 89836500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 891A51F8 Device \Driver\usbuhci \Device\USBFDO-3 89836500 Device \Driver\usbehci \Device\USBFDO-4 897A2428 Device \Driver\Ftdisk \Device\FtControl 89BA21F8 Device \Driver\aqul28n9 \Device\Scsi\aqul28n91Port2Path0Target0Lun0 896CB1F8 Device \Driver\aqul28n9 \Device\Scsi\aqul28n91 896CB1F8 Device \FileSystem\Fastfat \Fat 88B891F8 AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET) Device \FileSystem\Cdfs \Cdfs 897E2500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2E 0x0A 0x78 0x5C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x36 0xD0 0x77 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE4 0xD5 0xF6 0xEF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2E 0x0A 0x78 0x5C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x36 0xD0 0x77 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE4 0xD5 0xF6 0xEF ... ---- EOF - GMER 1.0.15 ----