GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-16 18:05:38 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LV01 149,05GB Running: w6r67f6w.exe; Driver: C:\Users\Dorota\AppData\Local\Temp\kwlirpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8E544AD6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x8D8F8806] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8E5455B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8E5516B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8E551704] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8E55189E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8E551626] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8D8F8BE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8E55166E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8D8F8E70] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8E551858] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8E5463A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8E544B3C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x8D8F905E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x8D8F88DE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x8D8F5A6E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8D8F8CC0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8E544BA2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8E549FE8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8E546EE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8E5516E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8E551726] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8E5518C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8E55164C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8E5494EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8E5517D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8E551696] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8E5498D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8E55187C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8D8F8A5E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8E546CFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x8E546854] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8E544C08] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8E544C6E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8D8F8DBC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8E5447C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8E544994] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8E544922] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8E54656C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8E5466CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8E544A1C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8D8F8B2C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8E5461FC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x8D8F5A9E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8E544CD4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8D8F8990] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8D8F8F5A] INT 0x51 ? 878AEBF8 INT 0x62 ? 878AEBF8 INT 0x72 ? 878AEBF8 INT 0x82 ? 85496BF8 INT 0x92 ? 85489BF8 INT 0xA2 ? 85489BF8 INT 0xB3 ? 878AEBF8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 82CEE850 4 Bytes [D6, 4A, 54, 8E] .text ntkrnlpa.exe!KeSetEvent + 131 82CEE874 4 Bytes [06, 88, 8F, 8D] .text ntkrnlpa.exe!KeSetEvent + 191 82CEE8D4 4 Bytes [B4, 55, 54, 8E] .text ntkrnlpa.exe!KeSetEvent + 1D1 82CEE914 8 Bytes [B8, 16, 55, 8E, 04, 17, 55, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 82CEE920 4 Bytes CALL D7E787A7 .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E7B886 4 Bytes CALL 8E5475CD \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E7F4FA 4 Bytes CALL 8E5475E3 \SystemRoot\system32\drivers\aswSnx.sys ? System32\Drivers\spfh.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x89157000, 0x4036D, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x891A0000, 0x510, 0x40000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D003000, 0x1E73A0, 0xE8000020] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA08F6300, 0x3ACC8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA0939300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[804] kernel32.dll!SetUnhandledExceptionFilter 7625A84F 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4004] kernel32.dll!SetUnhandledExceptionFilter 7625A84F 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!LdrLoadDll 77909390 5 Bytes JMP 64B3921C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!LdrUnloadDll 7791BA50 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!NtCreateFile 779443D4 5 Bytes JMP 596F0BCB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!NtFlushBuffersFile 779448D4 5 Bytes JMP 596F0916 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!NtQueryFullAttributesFile 77944E04 5 Bytes JMP 596F0A43 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!NtReadFile 77945034 5 Bytes JMP 596F0950 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!NtReadFileScatter 77945044 5 Bytes JMP 59A09BCE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!NtWriteFile 77945644 5 Bytes JMP 596F0D6F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!NtWriteFileGather 77945654 5 Bytes JMP 59A09C1E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] KERNEL32.dll!HeapSetInformation + 26 7625A84A 7 Bytes JMP 59796358 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] KERNEL32.dll!LockResource + C 762768EB 7 Bytes JMP 599F5622 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] KERNEL32.dll!VirtualAllocEx + 54 7627AD50 7 Bytes JMP 599F6DFA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] USER32.dll!GetWindowInfo 7617428E 5 Bytes JMP 5A408E4A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4024] GDI32.dll!SetStretchBltMode + 256 7642745C 7 Bytes JMP 599F3E16 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtCreateFile + 6 779443DA 4 Bytes [28, 20, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtCreateFile + B 779443DF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtCreateKey + 6 7794441A 4 Bytes [68, 21, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtCreateKey + B 7794441F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtCreateMutant + 6 7794444A 4 Bytes [28, 22, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtCreateMutant + B 7794444F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtCreateSection + 6 779444CA 4 Bytes [68, 22, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtCreateSection + B 779444CF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtMapViewOfSection + 6 77944B2A 4 Bytes [A8, 24, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtMapViewOfSection + B 77944B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenFile + 6 77944BBA 4 Bytes [68, 20, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenFile + B 77944BBF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenKey + 6 77944BEA 4 Bytes [A8, 21, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenKey + B 77944BEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenMutant + B 77944C0F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenProcess + 6 77944C3A 4 Bytes [28, 23, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenProcess + B 77944C3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenProcessToken + 6 77944C4A 4 Bytes [68, 23, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenProcessToken + B 77944C4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenProcessTokenEx + 6 77944C5A 4 Bytes [28, 24, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenProcessTokenEx + B 77944C5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenSection + 6 77944C6A 4 Bytes [A8, 22, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenSection + B 77944C6F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenThread + B 77944CAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenThreadToken + B 77944CBF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenThreadTokenEx + 6 77944CCA 4 Bytes [68, 24, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtOpenThreadTokenEx + B 77944CCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtQueryAttributesFile + 6 77944D5A 4 Bytes [A8, 20, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtQueryAttributesFile + B 77944D5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtQueryFullAttributesFile + B 77944E0F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtSetInformationFile + 6 779452EA 4 Bytes [28, 21, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtSetInformationFile + B 779452EF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtSetInformationThread + 6 7794533A 4 Bytes [A8, 23, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtSetInformationThread + B 7794533F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ntdll.dll!NtUnmapViewOfSection + B 779455DF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] kernel32.dll!CreateProcessW 76231BF3 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] kernel32.dll!CreateProcessA 76231C28 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] kernel32.dll!OpenEventW 7624BF97 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] kernel32.dll!CreateEventW 7627B65E 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!DeleteObject 76425A37 5 Bytes JMP 000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetDeviceCaps 7642617F 5 Bytes JMP 000B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SelectObject 764262A0 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SetTextColor 7642666B 5 Bytes JMP 000B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SetBkMode 76426716 5 Bytes JMP 000B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!DeleteDC 764268CD 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetCurrentObject 76426B58 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SetStretchBltMode 76427206 5 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SaveDC 764275BA 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!RestoreDC 76427675 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!StretchDIBits 764278CF 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!ExtSelectClipRgn 764279F8 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SelectClipRgn 76427AF9 5 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!MoveToEx 76427C33 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!Rectangle 76427EA9 5 Bytes JMP 000B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetTextAlign 764282E0 5 Bytes JMP 000B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SetTextAlign 764285CB 5 Bytes JMP 000B09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!ExtTextOutW 7642872B 5 Bytes JMP 000B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetTextMetricsW 76428A81 5 Bytes JMP 000B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!IntersectClipRect 76428B64 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetClipBox 76429071 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SetICMMode 764294E7 5 Bytes JMP 000B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!CreateDCW 7642A91D 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!CreateDCA 7642AA49 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!CreateICW 7642B2E9 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetTextFaceW 7642B637 5 Bytes JMP 000B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetFontData 7642BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetFontData 7642BA6C 5 Bytes JMP 000B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetTextExtentPoint32W 7642C01A 5 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SetWorldTransform 7642C46A 5 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!LineTo 7642C65E 5 Bytes JMP 000B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetTextMetricsA 7642CCEB 5 Bytes JMP 000B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!ExtTextOutA 764300A5 5 Bytes JMP 000B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetTextExtentPoint32A 76430E58 5 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!ExtEscape 764322A7 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!Escape 764327F1 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!ResetDCW 76433132 5 Bytes JMP 000B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!EndPage 7643375E 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SetPolyFillMode 764361D3 5 Bytes JMP 000B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SetMiterLimit 764362E2 5 Bytes JMP 000B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetTextFaceA 7643F4C5 5 Bytes JMP 000B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!GetGlyphOutlineW 7644A41F 5 Bytes JMP 000B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!CreateScalableFontResourceW 7644C88B 5 Bytes JMP 000B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!AddFontResourceW 7644CC93 5 Bytes JMP 000B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!RemoveFontResourceW 7644D129 5 Bytes JMP 000B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!AbortDoc 76452CC4 5 Bytes JMP 000B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!EndDoc 764530D8 5 Bytes JMP 000B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!StartPage 764531C3 5 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!StartDocW 76453CA7 5 Bytes JMP 000B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!BeginPath 76454465 5 Bytes JMP 000B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!SelectClipPath 764544BC 5 Bytes JMP 000B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!CloseFigure 76454517 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!EndPath 7645456E 5 Bytes JMP 000B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!StrokePath 764547A0 5 Bytes JMP 000B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!FillPath 7645482C 5 Bytes JMP 000B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!PolylineTo 76454C95 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!PolyBezierTo 76454D25 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] GDI32.dll!PolyDraw 76454DD6 5 Bytes JMP 000B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!SetCursor 7616D37D 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!RegisterClipboardFormatW 7616D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!RegisterClipboardFormatW 7616D6AC 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!ActivateKeyboardLayout 7617478C 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!IsWindowVisible 7617878A 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!MonitorFromWindow 761788D4 4 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!MonitorFromWindow + 5 761788D9 2 Bytes [CC, CC] {INT 3 ; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!ScreenToClient 76178C56 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetClientRect 76178F0D 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetParent 761790AA 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!RegisterClipboardFormatA 7617A111 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!PostMessageW 7617A175 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!MapWindowPoints 7617A30D 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetClipboardFormatNameA 7617A552 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetOpenClipboardWindow 761826A6 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!SetClipboardViewer 7618BA2D 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!IsClipboardFormatAvailable 7618C2E3 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!CloseClipboard 7618C2F7 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!OpenClipboard 7618C31D 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetTopWindow 7618CE0A 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetClipboardSequenceNumber 7618D8B7 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!ChangeClipboardChain 7618DF83 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!CountClipboardFormats 76190048 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetClipboardOwner 761926EF 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!SetClipboardData 761A6410 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!EnumClipboardFormats 761A6D16 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!SetCursorPos 761A6FB2 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetClipboardData 761A715A 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetClipboardFormatNameW 761AA99F 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!EmptyClipboard 761C398B 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetClipboardViewer 761C39ED 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] USER32.dll!GetPriorityClipboardFormat 761C3AEF 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] Secur32.dll!FreeContextBuffer 75FF2D83 5 Bytes JMP 000E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] Secur32.dll!DeleteSecurityContext 75FF2F18 5 Bytes JMP 000E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] Secur32.dll!FreeCredentialsHandle 75FF3598 5 Bytes JMP 000E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] Secur32.dll!EncryptMessage 75FF3745 5 Bytes JMP 000E01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] Secur32.dll!DecryptMessage 75FF3813 5 Bytes JMP 000E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] Secur32.dll!InitializeSecurityContextA 75FF87DF 5 Bytes JMP 000E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] Secur32.dll!AcquireCredentialsHandleA 75FF8A43 5 Bytes JMP 000E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] Secur32.dll!QueryContextAttributesA 75FF8E77 5 Bytes JMP 000E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] Secur32.dll!ApplyControlToken 75FFDE4F 5 Bytes JMP 000E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] Secur32.dll!QueryCredentialsAttributesA 75FFE052 5 Bytes JMP 000E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ole32.dll!OleGetClipboard 77807439 5 Bytes JMP 000F00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ole32.dll!OleSetClipboard 778310E1 3 Bytes JMP 000F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ole32.dll!OleSetClipboard + 4 778310E5 1 Byte [88] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ole32.dll!OleIsCurrentClipboard 7783A761 3 Bytes JMP 000F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe[5480] ole32.dll!OleIsCurrentClipboard + 4 7783A765 1 Byte [88] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5808] ntdll.dll!LdrLoadDll 77909390 5 Bytes JMP 64B3921C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5808] USER32.dll!GetWindowInfo 7617428E 5 Bytes JMP 5A2F33D1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5808] USER32.dll!SetMenuItemBitmaps + 71 761814EE 7 Bytes JMP 5A2F19C4 C:\Program Files\Mozilla Firefox\xul.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A57817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73AAA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A5BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A4F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A4E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73A88395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73A5DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A4FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A4FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73ADCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73A7C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A4D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A46853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A4687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll IAT C:\Windows\Explorer.EXE[852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A52AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 85E241F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\volmgr \Device\VolMgrControl 8548B1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{7CDC3E96-1919-427E-8B48-57D7968255CC} 8DF511F8 Device \Driver\usbuhci \Device\USBPDO-0 876C21F8 Device \Driver\usbuhci \Device\USBPDO-1 876C21F8 Device \Driver\usbehci \Device\USBPDO-2 876F01F8 Device \Driver\usbuhci \Device\USBPDO-3 876C21F8 Device \Driver\netbt \Device\NetBT_Tcpip_{2574B0F6-0BB3-491B-AA78-FAF0E5DA68DE} 8DF511F8 Device \Driver\usbuhci \Device\USBPDO-4 876C21F8 Device \Driver\tdx \Device\Tcp aswStmXP.sys AttachedDevice \Driver\tdx \Device\Tcp tStLibG.sys Device \Driver\usbuhci \Device\USBPDO-5 876C21F8 Device \Driver\usbehci \Device\USBPDO-6 876F01F8 Device \Driver\volmgr \Device\HarddiskVolume1 8548B1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 ngvss.sys Device \Driver\sptd \Device\1457332683 spfh.sys Device \Driver\volmgr \Device\HarddiskVolume2 8548B1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 ngvss.sys Device \Driver\cdrom \Device\CdRom0 877D91F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-1 854971F8 Device \Driver\iaStor \Device\Ide\iaStor0 [832CC580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 854971F8 Device \Driver\atapi \Device\Ide\IdePort1 854971F8 Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [832CC580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\volmgr \Device\HarddiskVolume3 8548B1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 ngvss.sys Device \Driver\cdrom \Device\CdRom1 877D91F8 Device \Driver\tdx \Device\RawIp6 aswStmXP.sys Device \Driver\tdx \Device\Tcp6 aswStmXP.sys Device \Driver\netbt \Device\NetBt_Wins_Export 8DF511F8 Device \Driver\PCI_PNP4670 \Device\00000077 spfh.sys Device \Driver\Smb \Device\NetbiosSmb 8DE2D1F8 Device \Driver\tdx \Device\Tdx aswStmXP.sys Device \Driver\iScsiPrt \Device\RaidPort0 877F41F8 Device \Driver\tdx \Device\Udp aswStmXP.sys AttachedDevice \Driver\tdx \Device\Udp tStLibG.sys Device \Driver\tdx \Device\RawIp aswStmXP.sys Device \Driver\netbt \Device\NetBT_Tcpip_{E97717DB-696E-4937-B2A8-4B70EB52C84C} 8DF511F8 Device \Driver\usbuhci \Device\USBFDO-0 876C21F8 Device \Driver\usbuhci \Device\USBFDO-1 876C21F8 Device \Driver\tdx \Device\Udp6 aswStmXP.sys Device \Driver\usbehci \Device\USBFDO-2 876F01F8 Device \Driver\usbuhci \Device\USBFDO-3 876C21F8 Device \Driver\usbuhci \Device\USBFDO-4 876C21F8 Device \Driver\usbuhci \Device\USBFDO-5 876C21F8 Device \Driver\usbehci \Device\USBFDO-6 876F01F8 Device \Driver\abrgyhgc \Device\Scsi\abrgyhgc1 877F0500 Device \Driver\abrgyhgc \Device\Scsi\abrgyhgc1Port4Path0Target0Lun0 877F0500 Device \FileSystem\cdfs \Cdfs 8767B1F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spfh.sys hal.dll >>UNKNOWN [0x85dd5938]<< 85dd5938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86983a78] 86983a78 Trace 3 CLASSPNP.SYS[88f1a8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85e9c028] 85e9c028 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\ngvss\Parameters@asserts ????_I??t???? ?????????????????????#????????????????????????????er???????????E????????????????????????????????????????*????????????????n????Port_#0001.Hub_#0001?????????????\??????32??????????? l??????e?????ter??USB\VID_0930&PID_0508&REV_5102?USB\VID_0930&PID_0508????????????????????SD\CLASS_STORAGE????@usbstor.inf,%generic.mfg%;Zgodne urz?dzenie magazynuj?ce USB?????.??????v??????????????????????? ??????????????????6.0.6001.18000??????? ?????????????????????#????????????????????? ?????????????????????#????????????????????????????? ??????????????????????6.0.6001.18000??????????????? ??s ??Mouse???????????????????????????????? ?????????????????????#????????$?????????????$?????? ??????Mysz zgodna z HID???? b?????????????????@msmouse.inf,%hid.mousedevice%;Mysz zgodna z HID?)??????????????????????????? ???????#????????????????N?????$???