GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-18 16:08:48 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-14 WDC_WD5000AAKS-22A7B0 rev.01.03B01 465,76GB Running: r0do403o.exe; Driver: C:\DOCUME~1\GRSKI~1\USTAWI~1\Temp\awncipog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB42ECBA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB42ED684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xB4331D80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xB42F96F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB42F9744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB42F98DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xB4331734] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xB42F9666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xB42F9788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB42F96AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xB42EDBBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xB42F9898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB42EE472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB42ECC0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xB4332446] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB43326FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB42F1C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB43322B1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB433211C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xB42EC7F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB4562ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB42ECC72] SSDT \SystemRoot\system32\drivers\aswSnx.sys 
ZwNotifyChangeKey [0xB42F205E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB42EEF5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xB42F9722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB42F9766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB42F9902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xB4331A90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xB42F968C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xB42F1560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xB42F9816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB42F96D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xB42F194C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xB42F98BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB4562C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xB4331F97] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xB42EEDCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB4331DE9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB42EE924] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xB4570E1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xB4330D77] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB42ECCD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB42ECD3E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xB42EE2EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB42EC892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB42ECA64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xB433254D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB42EC9F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB42EE63C] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xB42EE79E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB42ECAEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB42EE12A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xB42EE2CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xB42ECDA4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB42ED6E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2F4C 80504834 4 Bytes [E9, 1D, 33, B4] .text ntkrnlpa.exe!ZwCallbackReturn + 2F58 80504840 4 Bytes JMP D030FC73 .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [D8, CC, 2E, B4, 3E, CD, 2E, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [3C, E6, 2E, B4, 9E, E7, 2E, ...] {CMP AL, 0xe6; MOV AH, 0x9e; OUT 0x2e, EAX; MOV AH, 0xec; RETF 0xb42e} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL B42EF62B \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7145380, 0x8D6CD5, 0xE8000020] init C:\WINDOWS\system32\drivers\p17xfilt.sys entry point in "init" section [0xB6E3F130] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\svchost.exe[124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[124] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Update\GoogleUpdate.exe[164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Update\GoogleUpdate.exe[164] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[200] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text 
C:\WINDOWS\system32\spoolsv.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[440] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[484] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[520] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 7C, 94, 00] {SUB [ESP+EDX*4+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7F, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 7C, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 7D, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916A96 .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] 
ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7E, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 7D, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7E, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916B07 .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 7C, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916C35 .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 7D, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7E, 94, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7F, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[580] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[728] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[752] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text E:\Program Files\iTunes\iTunesHelper.exe[784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text E:\Program Files\iTunes\iTunesHelper.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe[812] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[888] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[912] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\services.exe[956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1144] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, CC, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CF, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, CC, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, CD, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ECE6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CE, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, CD, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CE, 
16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED57 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, CC, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EE85 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, CD, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CE, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CF, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] 
ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1168] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1512] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft 
Shared\VS7DEBUG\MDM.EXE[1516] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, BC, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BF, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, BC, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, BD, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9134D6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BE, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, BD, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] 
ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BE, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913547 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, BC, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913675 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, BD, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BE, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BF, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009C01F8 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1612] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\Rundll32.exe[1680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Rundll32.exe[1680] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1768] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1900] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2032] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2116] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Górski\Moje dokumenty\Downloads\r0do403o.exe[2136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Górski\Moje dokumenty\Downloads\r0do403o.exe[2136] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AB, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A8, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenProcess + B 
7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9168C2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AA, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A9, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AA, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916933 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A8, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916A61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A9, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] 
ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AA, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AB, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CF01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00CF03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2148] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2164] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D8, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, DB, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D8, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenFile + B 
7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D9, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ECF2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, DA, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D9, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, DA, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED63 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D8, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EE91 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] 
ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D9, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, DA, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, DB, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2512] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE[2636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2872] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912562 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThread + 
6 7C90D664 4 Bytes [68, 49, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9125D3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912701 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 008D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3224] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3608] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 10, C4, 01] {SBB [EAX], DL; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3760] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[3860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[3860] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text 
C:\WINDOWS\system32\wbem\wmiapsrv.exe[4040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4040] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, E4, D8, 00] {SUB AH, AH; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, E7, D8, 00] {SUB BH, AH; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, E4, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, E5, D8, 00] {TEST AL, 0xe5; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AEFE .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, E6, D8, 00] {TEST AL, 0xe6; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, E5, D8, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, E6, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AF6F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, E4, D8, 00] {TEST AL, 0xe4; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B09D .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, E5, D8, 00] {SUB CH, AH; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, E6, D8, 00] {SUB DH, AH; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, E7, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 011603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4068] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\system32\services.exe[956] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[956] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- Files - GMER 2.1 ----

File C:\Documents and Settings\Górski\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_000f4f 89384 bytes

---- EOF - GMER 2.1 ----