GMER 2.1.18952 - http://www.gmer.net Rootkit scan 2013-02-15 18:55:27 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS542512K9SA00 rev.BB2OC31P 111.79GB Running: ftnbcggh.exe; Driver: C:\DOCUME~1\ewelinka\USTAWI~1\Temp\pxrdapod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEC3AC4BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xEC3ACED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEC3EE811] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEC3B7FA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEC3B7FF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEC3B8176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEC3EE1C5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEC3B7F16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEC3B8038] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEC3B7F5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xEC3AD11C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEC3B8130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xEC3AD93E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEC3AC508] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEC3EEED7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEC3EF18D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEC3B11C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEC3EED42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEC3EEBAD] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEC3AC170] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEC3AC556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEC3B1534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEC3AE3A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEC3B7FD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEC3B8016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEC3B819A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEC3EE521] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEC3B7F3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEC3B0C3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEC3B80BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEC3B7F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEC3B0F14] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEC3B8154] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEC3EEA28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEC3AE272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEC3EE87A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xEC3ADDD4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEC48E7D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEC3ED838] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEC3AC5A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEC3AC5F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xEC3AD7BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEC3AC1FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEC3AC3AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEC3EEFDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEC3AC350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xEC3ADAF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xEC3ADC54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEC3AC41A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xEC3AD4D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xEC3AD636] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEC3AC640] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xEC3ACF1A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEC49AE56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 23C8 80501C00 4 Bytes [11, E8, 3E, EC] {ADC EAX, EBP; IN AL, DX} .text ntkrnlpa.exe!ZwCallbackReturn + 25E5 80501E1D 3 Bytes JMP 947EEC3E .text ntkrnlpa.exe!ZwCallbackReturn + 2628 80501E60 4 Bytes [7A, E8, 3E, EC] {JP 0xffffffea; IN AL, DX} .text ntkrnlpa.exe!ZwCallbackReturn + 26B0 80501EE8 12 Bytes [A4, C5, 3A, EC, F2, C5, 3A, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F90 12 Bytes [F8, DA, 3A, EC, 54, DC, 3A, ...] {CLC ; FIDIVR DWORD [EDX]; IN AL, DX; PUSH ESP; FDIVR QWORD [EDX]; IN AL, DX; SBB AL, AH; CMP CH, AH} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B840 4 Bytes CALL EC3AEA77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CEC 5 Bytes JMP EC497CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805B8B64 5 Bytes JMP EC499810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP EC49AE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF8098FA 5 Bytes JMP EC3B2B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C856 5 Bytes JMP EC3B2A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138E9 5 Bytes JMP EC3B29F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E750 5 Bytes JMP EC3B1688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 199A BF820E4A 5 Bytes JMP EC3B20A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 763C BF82864E 5 Bytes JMP EC3B17C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 698 BF838524 5 Bytes JMP EC3B2CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + BB6 BF838A42 5 Bytes JMP EC3B28FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3605 BF83B491 5 Bytes JMP EC3B2EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + D99E BF84582A 5 Bytes JMP EC3B1834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 113B9 BF849245 5 Bytes JMP EC3B2090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2E60 BF8526BA 5 Bytes JMP EC3B216A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2F20 BF85277A 5 Bytes JMP EC3B1670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 849D BF857CF7 5 Bytes JMP EC3B2E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 23AD BF8738DF 5 Bytes JMP EC3B2BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 37BB BF878789 5 Bytes JMP EC3B2A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 3617 BF88FF2D 5 Bytes JMP EC3B1CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 413A BF890A50 5 Bytes JMP EC3B1E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8ADCD3 5 Bytes JMP EC3B2182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4B2A BF8B36BA 5 Bytes JMP EC3B1C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4BB5 BF8B3745 5 Bytes JMP EC3B1EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 9285 BF8C3136 5 Bytes JMP EC3B1944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 5039 BF8EDBA3 5 Bytes JMP EC3B1A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 52B9 BF8EDE23 1 Byte [E9] .text win32k.sys!PATHOBJ_vGetBounds + 52B9 BF8EDE23 5 Bytes JMP EC3B1B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 74DF BF8F0049 5 Bytes JMP EC3B156A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + EDBC BF8F7926 5 Bytes JMP EC3B20C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19C1 BF912991 5 Bytes JMP EC3B1760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2595 BF913565 5 Bytes JMP EC3B18F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4EF4 BF915EC4 5 Bytes JMP EC3B1FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1931 BF943D27 5 Bytes JMP EC3B2D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\spoolsv.exe[172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B8A .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912BFB .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912D29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[376] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[388] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[440] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\ATK Hotkey\Hcontrol.exe[696] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\ATK Hotkey\Hcontrol.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ATKOSD2\ATKOSD2.exe[704] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\ATKOSD2\ATKOSD2.exe[704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[708] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[912] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\HPZipm12.exe[928] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\HPZipm12.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, CC, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CF, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, CC, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, CD, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918EE6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CE, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, CD, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CE, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918F57 .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, CC, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B919085 .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, CD, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CE, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CF, B8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Secunia\PSI\sua.exe[1000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Secunia\PSI\sua.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1240] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ASUS\Splendid\ACMON.exe[1292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\ASUS\Splendid\ACMON.exe[1292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\ewelinka\Moje dokumenty\Downloads\ftnbcggh.exe[1316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Documents and Settings\ewelinka\Moje dokumenty\Downloads\ftnbcggh.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 88, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8B, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 88, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 89, B3, 00] {TEST AL, 0x89; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9189A2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8A, B3, 00] {TEST AL, 0x8a; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 89, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8A, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918A13 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 88, B3, 00] {TEST AL, 0x88; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918B41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 89, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8A, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8B, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1460] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe[1560] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Wireless Console 2\wcourier.exe[1724] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Wireless Console 2\wcourier.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1764] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ACEngSvr.exe[1776] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\ACEngSvr.exe[1776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 34, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 37, 00, 01] {SUB [EDI], DH; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 34, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 35, 00, 01] {TEST AL, 0x35; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D64E .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 36, 00, 01] {TEST AL, 0x36; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 35, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 36, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D6BF .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 34, 00, 01] {TEST AL, 0x34; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D7ED .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 35, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 36, 00, 01] {SUB [ESI], DH; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 37, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ASUSTPE.exe[1904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\ASUSTPE.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1992] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\ASScrPro.exe[2072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\ASScrPro.exe[2072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2340] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2396] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2540] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2552] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F0, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F3, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F0, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F1, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C40A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F2, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F1, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F2, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C47B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F0, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C5A9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F1, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F2, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F3, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 28, D5, 00] {SUB [EAX], CH; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2B, D5, 00] {SUB [EBX], CH; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 28, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 29, D5, 00] {TEST AL, 0x29; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AB42 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2A, D5, 00] {TEST AL, 0x2a; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 29, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2A, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91ABB3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 28, D5, 00] {TEST AL, 0x28; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91ACE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 29, D5, 00] {SUB [ECX], CH; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2A, D5, 00] {SUB [EDX], CH; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2B, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3632] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ATK Hotkey\WDC.exe[3640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\ATK Hotkey\WDC.exe[3640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3780] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3780] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4080] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 006C0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00CF0010 IAT C:\WINDOWS\system32\services.exe[1068] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[1068] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00CA0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1868] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01160010 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1992] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[2340] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3308] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01040010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3544] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00EB0010 ---- Devices - GMER 2.1 ---- Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device aswSP.SYS (avast! self protection module/AVAST Software) Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation) AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA6 0x0F 0xB2 0x56 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x92 0xA7 0xFA 0x72 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD0 0xF2 0x74 0x72 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA6 0x0F 0xB2 0x56 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x92 0xA7 0xFA 0x72 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD0 0xF2 0x74 0x72 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x0B 0x63 0xE0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFF 0x06 0xE2 0x2C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD0 0xF2 0x74 0x72 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x0B 0x63 0xE0 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFF 0x06 0xE2 0x2C ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD0 0xF2 0x74 0x72 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x0B 0x63 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFF 0x06 0xE2 0x2C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD0 0xF2 0x74 0x72 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x0B 0x63 0xE0 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFF 0x06 0xE2 0x2C ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD0 0xF2 0x74 0x72 ... ---- EOF - GMER 2.1 ----