GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-08 08:38:40
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001
Running: 2lxz2cjk.exe; Driver: C:\Users\uniprox\AppData\Local\Temp\pxrdypoc.sys

---- System - GMER 1.0.15 ----

SSDT 94510606 ZwCreateSection
SSDT 94510610 ZwRequestWaitReplyPort
SSDT 9451060B ZwSetContextThread
SSDT 94510615 ZwSetSecurityObject
SSDT 9451061A ZwSystemDebugControl
SSDT 945105A7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 83485989 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 834A54E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 834AC87C 4 Bytes [06, 06, 51, 94] {PUSH ES; PUSH ES; PUSH ECX; XCHG ESP, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 834ACBD8 4 Bytes [10, 06, 51, 94] {ADC [ESI], AL; PUSH ECX; XCHG ESP, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 834ACC1C 4 Bytes [0B, 06, 51, 94] {OR EAX, [ESI]; PUSH ECX; XCHG ESP, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 834ACC98 4 Bytes [15, 06, 51, 94]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 834ACCEC 4 Bytes [1A, 06, 51, 94] {SBB AL, [ESI]; PUSH ECX; XCHG ESP, EAX}
.text ...
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94C28000, 0x2DEB7A, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtCreateFile + 6 779E55CE 4 Bytes [28, 00, 28, 00] {SUB [EAX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtCreateFile + B 779E55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 4 Bytes [28, 03, 28, 00] {SUB [EBX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtMapViewOfSection + B 779E5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenFile + 6 779E5CDE 4 Bytes [68, 00, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenFile + B 779E5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcess + 6 779E5D8E 4 Bytes [A8, 01, 28, 00] {TEST AL, 0x1; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcess + B 779E5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcessToken + B 779E5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcessTokenEx + 6 779E5DAE 4 Bytes [A8, 02, 28, 00] {TEST AL, 0x2; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcessTokenEx + B 779E5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThread + 6 779E5E0E 4 Bytes [68, 01, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThread + B 779E5E13 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThreadToken + 6 779E5E1E 4 Bytes [68, 02, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThreadToken + B 779E5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThreadTokenEx + B 779E5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtQueryAttributesFile + 6 779E5F3E 4 Bytes [A8, 00, 28, 00] {TEST AL, 0x0; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtQueryAttributesFile + B 779E5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtQueryFullAttributesFile + B 779E5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtSetInformationFile + 6 779E663E 4 Bytes [28, 01, 28, 00] {SUB [ECX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtSetInformationFile + B 779E6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtSetInformationThread + 6 779E669E 4 Bytes [28, 02, 28, 00] {SUB [EDX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtSetInformationThread + B 779E66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 4 Bytes [68, 03, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtUnmapViewOfSection + B 779E69C3 1 Byte [E2] .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4032] kernel32.dll!SetUnhandledExceptionFilter 7760F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + 6 
779E55CE 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + B 779E55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + B 779E5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + 6 779E5CDE 4 Bytes [68, 00, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + B 779E5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + 6 779E5D8E 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + B 779E5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessToken + B 779E5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + 6 779E5DAE 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + B 779E5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + 6 779E5E0E 4 Bytes [68, 01, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + B 779E5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + 6 779E5E1E 4 Bytes [68, 02, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + B 779E5E23 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadTokenEx + B 779E5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + 6 779E5F3E 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + B 779E5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryFullAttributesFile + B 779E5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + 6 779E663E 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + B 779E6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + 6 779E669E 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + B 779E66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 4 Bytes [68, 03, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + B 779E69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtCreateFile + 6 779E55CE 4 Bytes [28, 00, 09, 00] {SUB [EAX], AL; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtCreateFile + B 779E55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 
4 Bytes [28, 03, 09, 00] {SUB [EBX], AL; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtMapViewOfSection + B 779E5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenFile + 6 779E5CDE 4 Bytes [68, 00, 09, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenFile + B 779E5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenProcess + 6 779E5D8E 4 Bytes [A8, 01, 09, 00] {TEST AL, 0x1; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenProcess + B 779E5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenProcessToken + B 779E5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenProcessTokenEx + 6 779E5DAE 4 Bytes [A8, 02, 09, 00] {TEST AL, 0x2; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenProcessTokenEx + B 779E5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenThread + 6 779E5E0E 4 Bytes [68, 01, 09, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenThread + B 779E5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenThreadToken + 6 779E5E1E 4 Bytes [68, 02, 09, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenThreadToken + B 779E5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtOpenThreadTokenEx + B 779E5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtQueryAttributesFile + 6 779E5F3E 4 Bytes [A8, 00, 09, 00] {TEST AL, 0x0; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtQueryAttributesFile + B 779E5F43 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtQueryFullAttributesFile + B 779E5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtSetInformationFile + 6 779E663E 4 Bytes [28, 01, 09, 00] {SUB [ECX], AL; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtSetInformationFile + B 779E6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtSetInformationThread + 6 779E669E 4 Bytes [28, 02, 09, 00] {SUB [EDX], AL; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtSetInformationThread + B 779E66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 4 Bytes [68, 03, 09, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6300] ntdll.dll!NtUnmapViewOfSection + B 779E69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtCreateFile + 6 779E55CE 4 Bytes [28, 00, 1C, 00] {SUB [EAX], AL; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtCreateFile + B 779E55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 4 Bytes [28, 03, 1C, 00] {SUB [EBX], AL; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtMapViewOfSection + B 779E5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenFile + 6 779E5CDE 4 Bytes [68, 00, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenFile + B 779E5CE3 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcess + 6 779E5D8E 4 Bytes [A8, 01, 1C, 00] {TEST AL, 0x1; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcess + B 779E5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcessToken + B 779E5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcessTokenEx + 6 779E5DAE 4 Bytes [A8, 02, 1C, 00] {TEST AL, 0x2; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenProcessTokenEx + B 779E5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThread + 6 779E5E0E 4 Bytes [68, 01, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThread + B 779E5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThreadToken + 6 779E5E1E 4 Bytes [68, 02, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThreadToken + B 779E5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtOpenThreadTokenEx + B 779E5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtQueryAttributesFile + 6 779E5F3E 4 Bytes [A8, 00, 1C, 00] {TEST AL, 0x0; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtQueryAttributesFile + B 779E5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtQueryFullAttributesFile + B 779E5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtSetInformationFile + 6 779E663E 4 Bytes [28, 01, 1C, 00] {SUB [ECX], AL; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtSetInformationFile + B 779E6643 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtSetInformationThread + 6 779E669E 4 Bytes [28, 02, 1C, 00] {SUB [EDX], AL; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtSetInformationThread + B 779E66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 4 Bytes [68, 03, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6336] ntdll.dll!NtUnmapViewOfSection + B 779E69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtCreateFile + 6 779E55CE 4 Bytes [28, 00, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtCreateFile + B 779E55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 4 Bytes [28, 03, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtMapViewOfSection + B 779E5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenFile + 6 779E5CDE 4 Bytes [68, 00, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenFile + B 779E5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenProcess + 6 779E5D8E 4 Bytes [A8, 01, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenProcess + B 779E5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenProcessToken + B 779E5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenProcessTokenEx + 6 779E5DAE 4 Bytes [A8, 
02, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenProcessTokenEx + B 779E5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenThread + 6 779E5E0E 4 Bytes [68, 01, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenThread + B 779E5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenThreadToken + 6 779E5E1E 4 Bytes [68, 02, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenThreadToken + B 779E5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtOpenThreadTokenEx + B 779E5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtQueryAttributesFile + 6 779E5F3E 4 Bytes [A8, 00, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtQueryAttributesFile + B 779E5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtQueryFullAttributesFile + B 779E5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtSetInformationFile + 6 779E663E 4 Bytes [28, 01, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtSetInformationFile + B 779E6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtSetInformationThread + 6 779E669E 4 Bytes [28, 02, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtSetInformationThread + B 779E66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 4 Bytes [68, 03, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6572] 
ntdll.dll!NtUnmapViewOfSection + B 779E69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtCreateFile + 6 779E55CE 4 Bytes [28, 00, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtCreateFile + B 779E55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 4 Bytes [28, 03, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtMapViewOfSection + B 779E5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenFile + 6 779E5CDE 4 Bytes [68, 00, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenFile + B 779E5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenProcess + 6 779E5D8E 4 Bytes [A8, 01, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenProcess + B 779E5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenProcessToken + B 779E5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenProcessTokenEx + 6 779E5DAE 4 Bytes [A8, 02, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenProcessTokenEx + B 779E5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenThread + 6 779E5E0E 4 Bytes [68, 01, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenThread + B 779E5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenThreadToken + 6 779E5E1E 4 Bytes [68, 02, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenThreadToken + B 
779E5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtOpenThreadTokenEx + B 779E5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtQueryAttributesFile + 6 779E5F3E 4 Bytes [A8, 00, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtQueryAttributesFile + B 779E5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtQueryFullAttributesFile + B 779E5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtSetInformationFile + 6 779E663E 4 Bytes [28, 01, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtSetInformationFile + B 779E6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtSetInformationThread + 6 779E669E 4 Bytes [28, 02, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtSetInformationThread + B 779E66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 4 Bytes [68, 03, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6612] ntdll.dll!NtUnmapViewOfSection + B 779E69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtCreateFile + 6 779E55CE 4 Bytes [28, 00, 22, 00] {SUB [EAX], AL; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtCreateFile + B 779E55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 4 Bytes [28, 03, 22, 00] {SUB [EBX], AL; AND AL, [EAX]} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtMapViewOfSection + B 779E5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenFile + 6 779E5CDE 4 Bytes [68, 00, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenFile + B 779E5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenProcess + 6 779E5D8E 4 Bytes [A8, 01, 22, 00] {TEST AL, 0x1; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenProcess + B 779E5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenProcessToken + B 779E5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenProcessTokenEx + 6 779E5DAE 4 Bytes [A8, 02, 22, 00] {TEST AL, 0x2; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenProcessTokenEx + B 779E5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenThread + 6 779E5E0E 4 Bytes [68, 01, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenThread + B 779E5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenThreadToken + 6 779E5E1E 4 Bytes [68, 02, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenThreadToken + B 779E5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtOpenThreadTokenEx + B 779E5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtQueryAttributesFile + 6 779E5F3E 4 Bytes [A8, 00, 22, 00] {TEST AL, 0x0; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtQueryAttributesFile + B 779E5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] 
ntdll.dll!NtQueryFullAttributesFile + B 779E5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtSetInformationFile + 6 779E663E 4 Bytes [28, 01, 22, 00] {SUB [ECX], AL; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtSetInformationFile + B 779E6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtSetInformationThread + 6 779E669E 4 Bytes [28, 02, 22, 00] {SUB [EDX], AL; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtSetInformationThread + B 779E66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 4 Bytes [68, 03, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6724] ntdll.dll!NtUnmapViewOfSection + B 779E69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtCreateFile + 6 779E55CE 4 Bytes [28, 00, 28, 00] {SUB [EAX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtCreateFile + B 779E55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtMapViewOfSection + 6 779E5C2E 4 Bytes [28, 03, 28, 00] {SUB [EBX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtMapViewOfSection + B 779E5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenFile + 6 779E5CDE 4 Bytes [68, 00, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenFile + B 779E5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] 
ntdll.dll!NtOpenProcess + 6 779E5D8E 4 Bytes [A8, 01, 28, 00] {TEST AL, 0x1; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenProcess + B 779E5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenProcessToken + B 779E5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenProcessTokenEx + 6 779E5DAE 4 Bytes [A8, 02, 28, 00] {TEST AL, 0x2; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenProcessTokenEx + B 779E5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenThread + 6 779E5E0E 4 Bytes [68, 01, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenThread + B 779E5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenThreadToken + 6 779E5E1E 4 Bytes [68, 02, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenThreadToken + B 779E5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtOpenThreadTokenEx + B 779E5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtQueryAttributesFile + 6 779E5F3E 4 Bytes [A8, 00, 28, 00] {TEST AL, 0x0; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtQueryAttributesFile + B 779E5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtQueryFullAttributesFile + B 779E5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtSetInformationFile + 6 779E663E 4 Bytes [28, 01, 28, 00] {SUB [ECX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtSetInformationFile + B 779E6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] 
ntdll.dll!NtSetInformationThread + 6 779E669E 4 Bytes [28, 02, 28, 00] {SUB [EDX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtSetInformationThread + B 779E66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtUnmapViewOfSection + 6 779E69BE 4 Bytes [68, 03, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6936] ntdll.dll!NtUnmapViewOfSection + B 779E69C3 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747024CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746E562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746E56EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [74702546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746F85AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] 
[746F4D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746F5105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746F51DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746F6707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746F8301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746F8850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746F90B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746FE254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\windows\Explorer.EXE[1968] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746F4C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011678325c6 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea57be Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6bb2 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ????????????????????? 
?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????????????????????????????????????????? ?????????????????????1????????????????????????????????????????? ?????????????????????1????????(???????????????????????????????STORAGE\VolumeSnapshot??????????????????????? ?????????????????????1????????????????????????????????????????????????????????HUAWEI Mobile Connect - 3G PC UI Interface?OT\???????????????????????????????????????????????????e??COM11???? ???????e??????r???????????????? ???????A???????????????????? ?(???????????? ??????????????????Microsoft????????????????????????????????A??????????????? ??????????????????? (?????????????????.NTx86?v?l??Microsoft???volume_install??????? ???A??????????????6-21-2006???6-21-2006???? ???????????????)??6.1.7601.17514??????????????????????????storage\volume??????????????????????????Wolumin uniwersalny?????????????????????.NT?????????????????????????wpdfs.inf???? ???????A???????????????????? ?L?????????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ??????????\??????5???????????????i??????????????? ??vi??????????? ???????????????????i??????????????????????????????????????? ???????????????????g????????"???C???????????????N??????????????????????????5?????????'?&??????????????????????????????? ???????/?????????????-??"??????????????????????0??? ???????????????????g????????"???D??????????????????????????????????????????????????????o????????????????*?????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D670816-8A02-432B-A9C2-CE287418D7B9}] DATAGRAM 16???s??????????????????? ?????????????????????-??"???&?????????????????87??? ????????????????????????????????????m?????????????usbstor.inf?????????????????.NTx86??????? ?????????????????????-??"???&????? ???????????Port_#0001.Hub_#0005?j???????????0??????0-??? ?????????????????????-?????????????????f??????????{00000000-0000-0000-0000-000000000000}?pro??{00000000-0000-0000-0000-000000000000}??????? 
l??????j?????j?j??USB\VID_12D1&PID_1001&REV_0000?USB\VID_12D1&PID_1001????? ???????k???????k????N??????k?????D?k? Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011678325c6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea57be (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???p?p??????????????????Keyboard Port????|???|???????s????????n?????????????? ???????o??????????????????????R?]????????????????????g?????????u???????????p?p?p??system32\DRIVERS\hidusb.sys?\hidusb.sys???????V??r?????????e?????p??????RpcSs?????????T??s????????h??????????p??????p???????????????????????????????????????t?????N??p???????????d???p????$??p??????????????Global\MMF_BITS_s????o?o?p?p?p?o?p?p?p?p?p?pPe????\????????????e????????????????t?????P???????????h??????????????????????p???????????o?o?o?o?o?pt???? ??????????????r????????????????????????? ??o?????????t????? ????????????????????????????????p?????????????? ???????p???????????p??????????????????????????????4?? ?????????? ????\???????????????????? ??????????????????????????? ??????? ????????p?????o???o???p????????? ???????o???????????o??????????T?>??????????????????????????p??@%SystemRoot%\system32\drivers\fileinfo.sys,-100????? ??1???????????????????????????????????????File system?????????????????????????????????????????????????????????? ???????o????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???p?e?????????????????????????????p????@%SystemRoot%\system32\drivers\fileinfo.sys,-101????????t???ServiceMain??????????i???????e??ProfSvc_Group????????o??????p???????????? ???????o?????p?? 
???????????(???T?????m????????p???0???2???????????????????????_??FSFilter Virtualization?????Parport??&??????????????????????7&37fd834b&0?j???????&???{?|????????????????????????%SystemRoot%\System32\wevtsvc.dll?????P??t?????????n????????????????????????????t???????????????ms???????????/????????P??p?????????e???????????????????5????????????????????????t2??????????????????????p????????p?????????n???????????????????????e??????????????????????????????????????????????J??q?????????e????*pnp0c0b????? ???????p?????????????,???????????? ???????????? ???????o?????p?????p????????$???U????????c????@%SystemRoot%\System32\certprop.dll,-11???????Z??p????????h?????%SystemRoot%\system32\svchost.exe -k netsvcs??????P??p?????????n????@%SystemRoot%\System32\certprop.dll,-12?????? ???p??????????????LocalSystem?????RpcSs??????????????????????