GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-29 18:20:17
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD642JJ rev.1AA01118 596,17GB
Running: pkkpgc8q.exe; Driver: C:\Users\DOMOWN~1\AppData\Local\Temp\pxldapow.sys

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8345D579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83481F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spkq.sys System nie może odnaleźć określonej ścieżki. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93416000, 0x2BFBF0, 0xE8000020]
.text USBPORT.SYS!DllUnload 92D88CA0 5 Bytes JMP 873971D8
.text peauth.sys 9A959C9D 28 Bytes JMP C021CE34
.text peauth.sys 9A959CC1 28 Bytes JMP C021CE58

---- User code sections - GMER 2.0 ----

.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtCreateFile + 6 77894A16 4 Bytes [28, A0, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtCreateFile + B 77894A1B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtMapViewOfSection + 6 77895076 4 Bytes [28, A3, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtMapViewOfSection + B 7789507B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenFile + 6 77895126 4 Bytes [68, A0, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenFile + B 7789512B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenProcess + 6 778951D6 4 Bytes [A8, A1, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenProcess + B 778951DB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenProcessToken + 6 778951E6 4 Bytes CALL 7689A78C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenProcessToken + B 778951EB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenProcessTokenEx + 6 778951F6 4 Bytes [A8, A2, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenProcessTokenEx + B 778951FB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenThread + 6 77895256 4 Bytes [68, A1, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenThread + B 7789525B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenThreadToken + 6 77895266 4 Bytes [68, A2, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenThreadToken + B 7789526B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenThreadTokenEx + 6 77895276 4 Bytes CALL 7689A81D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtOpenThreadTokenEx + B 7789527B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtQueryAttributesFile + 6 77895386 4 Bytes [A8, A0, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtQueryAttributesFile + B 7789538B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtQueryFullAttributesFile + 6 77895436 4 Bytes CALL 7689A9DB C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtQueryFullAttributesFile + B 7789543B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtSetInformationFile + 6 77895A86 4 Bytes [28, A1, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtSetInformationFile + B 77895A8B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtSetInformationThread + 6 77895AE6 4 Bytes [28, A2, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtSetInformationThread + B 77895AEB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtUnmapViewOfSection + 6 77895E06 4 Bytes [68, A3, 55, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[1836] ntdll.dll!NtUnmapViewOfSection + B 77895E0B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtCreateFile + 6 77894A16 4 Bytes [28, F8, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtCreateFile + B 77894A1B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtMapViewOfSection + 6 77895076 4 Bytes [28, FB, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtMapViewOfSection + B 7789507B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenFile + 6 77895126 4 Bytes [68, F8, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenFile + B 7789512B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcess + 6 778951D6 4 Bytes [A8, F9, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcess + B 778951DB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessToken + 6 778951E6 4 Bytes CALL 768999E4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessToken + B 778951EB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessTokenEx + 6 778951F6 4 Bytes [A8, FA, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessTokenEx + B 778951FB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThread + 6 77895256 4 Bytes [68, F9, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThread + B 7789525B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadToken + 6 77895266 4 Bytes [68, FA, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadToken + B 7789526B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadTokenEx + 6 77895276 4 Bytes CALL 76899A75 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadTokenEx + B 7789527B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryAttributesFile + 6 77895386 4 Bytes [A8, F8, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryAttributesFile + B 7789538B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryFullAttributesFile + 6 77895436 4 Bytes CALL 76899C33 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryFullAttributesFile + B 7789543B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationFile + 6 77895A86 4 Bytes [28, F9, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationFile + B 77895A8B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationThread + 6 77895AE6 4 Bytes [28, FA, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationThread + B 77895AEB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtUnmapViewOfSection + 6 77895E06 4 Bytes [68, FB, 47, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtUnmapViewOfSection + B 77895E0B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtCreateFile + 6 77894A16 4 Bytes [28, 28, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtCreateFile + B 77894A1B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtMapViewOfSection + 6 77895076 4 Bytes [28, 2B, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtMapViewOfSection + B 7789507B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenFile + 6 77895126 4 Bytes [68, 28, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenFile + B 7789512B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcess + 6 778951D6 4 Bytes [A8, 29, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcess + B 778951DB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessToken + 6 778951E6 4 Bytes CALL 7689B814 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessToken + B 778951EB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessTokenEx + 6 778951F6 4 Bytes [A8, 2A, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessTokenEx + B 778951FB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThread + 6 77895256 4 Bytes [68, 29, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThread + B 7789525B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadToken + 6 77895266 4 Bytes [68, 2A, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadToken + B 7789526B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadTokenEx + 6 77895276 4 Bytes CALL 7689B8A5 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadTokenEx + B 7789527B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryAttributesFile + 6 77895386 4 Bytes [A8, 28, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryAttributesFile + B 7789538B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryFullAttributesFile + 6 77895436 4 Bytes CALL 7689BA63 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryFullAttributesFile + B 7789543B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationFile + 6 77895A86 4 Bytes [28, 29, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationFile + B 77895A8B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationThread + 6 77895AE6 4 Bytes [28, 2A, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationThread + B 77895AEB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtUnmapViewOfSection + 6 77895E06 4 Bytes [68, 2B, 66, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtUnmapViewOfSection + B 77895E0B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtCreateFile + 6 77894A16 4 Bytes [28, 58, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtCreateFile + B 77894A1B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtMapViewOfSection + 6 77895076 4 Bytes [28, 5B, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtMapViewOfSection + B 7789507B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenFile + 6 77895126 4 Bytes [68, 58, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenFile + B 7789512B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenProcess + 6 778951D6 4 Bytes [A8, 59, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenProcess + B 778951DB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenProcessToken + 6 778951E6 4 Bytes CALL 7689F944 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenProcessToken + B 778951EB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenProcessTokenEx + 6 778951F6 4 Bytes [A8, 5A, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenProcessTokenEx + B 778951FB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenThread + 6 77895256 4 Bytes [68, 59, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenThread + B 7789525B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenThreadToken + 6 77895266 4 Bytes [68, 5A, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenThreadToken + B 7789526B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenThreadTokenEx + 6 77895276 4 Bytes CALL 7689F9D5 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtOpenThreadTokenEx + B 7789527B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtQueryAttributesFile + 6 77895386 4 Bytes [A8, 58, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtQueryAttributesFile + B 7789538B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtQueryFullAttributesFile + 6 77895436 4 Bytes CALL 7689FB93 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtQueryFullAttributesFile + B 7789543B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtSetInformationFile + 6 77895A86 4 Bytes [28, 59, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtSetInformationFile + B 77895A8B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtSetInformationThread + 6 77895AE6 4 Bytes [28, 5A, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtSetInformationThread + B 77895AEB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtUnmapViewOfSection + 6 77895E06 4 Bytes [68, 5B, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3428] ntdll.dll!NtUnmapViewOfSection + B 77895E0B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtCreateFile + 6 77894A16 4 Bytes [28, BC, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtCreateFile + B 77894A1B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtMapViewOfSection + 6 77895076 4 Bytes [28, BF, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtMapViewOfSection + B 7789507B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenFile + 6 77895126 4 Bytes [68, BC, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenFile + B 7789512B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcess + 6 778951D6 4 Bytes [A8, BD, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcess + B 778951DB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcessToken + 6 778951E6 4 Bytes CALL 7689F9A8 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcessToken + B 778951EB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcessTokenEx + 6 778951F6 4 Bytes [A8, BE, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcessTokenEx + B 778951FB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThread + 6 77895256 4 Bytes [68, BD, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThread + B 7789525B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThreadToken + 6 77895266 4 Bytes [68, BE, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThreadToken + B 7789526B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThreadTokenEx + 6 77895276 4 Bytes CALL 7689FA39 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThreadTokenEx + B 7789527B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtQueryAttributesFile + 6 77895386 4 Bytes [A8, BC, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtQueryAttributesFile + B 7789538B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtQueryFullAttributesFile + 6 77895436 4 Bytes CALL 7689FBF7 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtQueryFullAttributesFile + B 7789543B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtSetInformationFile + 6 77895A86 4 Bytes [28, BD, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtSetInformationFile + B 77895A8B 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtSetInformationThread + 6 77895AE6 4 Bytes [28, BE, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtSetInformationThread + B 77895AEB 1 Byte [E2]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtUnmapViewOfSection + 6 77895E06 4 Bytes [68, BF, A7, 00]
.text C:\Users\Domownicy\AppData\Local\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtUnmapViewOfSection + B 77895E0B 1 Byte [E2]

---- Kernel IAT/EAT - GMER 2.0 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8CC9F042] \SystemRoot\System32\Drivers\spkq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8CC9F6D6] \SystemRoot\System32\Drivers\spkq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8CC9F800] \SystemRoot\System32\Drivers\spkq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8CC9F13E] \SystemRoot\System32\Drivers\spkq.sys
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [8D52ED56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFB 0x32 0x8D 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFB 0x32 0x8D 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x00 0x65 0xDC 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x91 0xB3 0xBB 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE3 0xA0 0x28 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x27 0x46 0x2E 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xD8 0xF4 0x9E 0xE7 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Domownicy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games\Need for Speed\x2122 Most Wanted\Need for Speed\x2122 Most Wanted Safemode.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Need for Speed\x2122 Most Wanted\Need for Speed\x2122 Most Wanted Safemode.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Domownicy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games\Need for Speed\x2122 Most Wanted\EAsy Info.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Need for Speed\x2122 Most Wanted\EAsy Info.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Domownicy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games\Need for Speed\x2122 Most Wanted\Electronic Registration.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Need for Speed\x2122 Most Wanted\Electronic Registration.lnk 1

---- EOF - GMER 2.0 ----