GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-27 15:21:14 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5003ABYX-18WERA0 rev.01.01S02 465,76GB Running: 0o5lvy5z.exe; Driver: C:\DOCUME~1\98\USTAWI~1\Temp\uxxdrpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xED81CBA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xED81D684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xED861D80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xED8296F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xED829744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xED8298DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xED861734] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xED829666] SSDT d347bus.sys ZwCreatePagingFile [0xF74EAA20] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xED829788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xED8296AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xED81DBBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xED829898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xED81E472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xED81CC0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xED862446] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xED8626FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xED821C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xED8622B1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xED86211C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xED81C7F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xEDB32ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xED81CC72] 
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xED82205E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xED81EF5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xED829722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xED829766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xED829902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xED861A90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xED82968C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xED821560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xED829816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xED8296D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xED82194C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xED8298BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xEDB32C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xED861F97] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xED81EDCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xED861DE9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xED81E924] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xEDB40E1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xED860D77] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xED81CCD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xED81CD3E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xED81E2EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xED81C892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xED81CA64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xED86254D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xED81C9F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess 
[0xED81E63C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xED81E79E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xED81CAEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xED81E12A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xED81E2CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xED81CDA4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xED81D6E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2E88 80504714 4 Bytes JMP AB3DCD36 .text ntkrnlpa.exe!ZwCallbackReturn + 2E94 80504720 4 Bytes JMP CF0534A6 .text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [D8, CC, 81, ED, 3E, CD, 81, ...] {FMUL ST0, ST4; SUB EBP, 0xed81cd3e; IN AL, DX; LOOP 0xffffff8c; IN EAX, DX} .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [3C, E6, 81, ED, 9E, E7, 81, ...] {CMP AL, 0xe6; SUB EBP, 0xed81e79e; IN AL, DX; RETF 0xed81} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL ED81F62B \SystemRoot\system32\drivers\aswSnx.sys .xreloc C:\WINDOWS\system32\drivers\sfsync05.sys unknown last section [0xF74A8000, 0xCA8, 0x40000040] ? System nie może odnaleźć określonej ścieżki. ! 
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF649D000, 0x1C5D38, 0xE8000020] .text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xEB406000, 0x328BA, 0xE8000020] .pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xEB44A000] .relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xEB466000, 0x8E, 0x42000040] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\spoolsv.exe[188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[188] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 0C, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 0F, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 0C, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 0D, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90FC08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 0E, 26, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 0D, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 0E, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90FC79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 0C, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90FDA7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 0D, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 0E, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 
Bytes [68, 0F, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 007203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[556] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[564] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\D-Tools\daemon.exe[580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\D-Tools\daemon.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[588] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[588] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[728] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[728] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[760] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[804] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[816] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 
B8, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, BB, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, B8, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, B9, 88, 00] {TEST AL, 0xb9; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B915EB4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, BA, 88, 00] {TEST AL, 0xba; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, B9, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, BA, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] 
ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B915F25 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, B8, 88, 00] {TEST AL, 0xb8; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B916053 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, B9, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, BA, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, BB, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text 
C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text G:\Łukasz\torrent\uTorrent.exe[1028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text G:\Łukasz\torrent\uTorrent.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1344] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1412] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1436] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1492] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1564] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe[1752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\WinZipper\winzipersvc.exe[1796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\WinZipper\winzipersvc.exe[1796] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe[1904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 8C, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 8F, 99, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 8C, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 8D, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B916F88 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 8E, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 8D, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 8E, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B916FF9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 8C, 99, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B917127 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 8D, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 8E, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 8F, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00D703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2824] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2852] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2852] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 98, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 9B, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 98, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 99, 30, 00] {TEST AL, 0x99; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B910694 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 9A, 30, 00] {TEST AL, 0x9a; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 99, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 
Bytes [68, 9A, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B910705 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 98, 30, 00] {TEST AL, 0x98; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B910833 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 99, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 9A, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 9B, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2924] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2932] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\IBUpdaterService\ibsvc.exe[3048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\IBUpdaterService\ibsvc.exe[3048] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[3180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[3180] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 9C, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 9F, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 9C, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 9D, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] 
ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B913498 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 9E, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 9D, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 9E, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B913509 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 9C, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B913637 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 9D, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 9E, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 9F, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3224] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 30, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 33, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 30, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 31, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91572C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 32, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 31, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 32, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91579D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 30, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9158CB .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 31, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtSetInformationFile + B 
7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 32, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 33, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BF01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00BF03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, DC, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, DF, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, DC, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, DD, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91D3D8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, DE, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, DD, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, DE, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91D449 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, DC, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91D577 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, DD, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationFile 
+ B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, DE, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, DF, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 013B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 013B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3608] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3636] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3636] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[3812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[3812] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3868] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4044] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java 
Update\jucheck.exe[4044] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\notepad.exe[4268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\notepad.exe[4268] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text G:\FRST.exe[4396] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text G:\FRST.exe[4396] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 78, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 7B, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 78, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 79, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91A474 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 7A, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] 
ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 79, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 7A, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91A4E5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 78, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91A613 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 79, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 7A, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 7B, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 010C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 010C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\notepad.exe[4788] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\notepad.exe[4788] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 18, 32, 00] {SUB [EAX], BL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 1B, 32, 00] {SUB [EBX], BL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 18, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 19, 32, 00] {TEST AL, 0x19; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B910814 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 1A, 32, 00] {TEST AL, 0x1a; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 19, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 1A, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B910885 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 18, 32, 00] {TEST AL, 0x18; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9109B3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 19, 32, 00] {SUB [ECX], BL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 1A, 32, 00] {SUB 
[EDX], BL; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 1B, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 007E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 30, B5, 00] {SUB [EAX], DH; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 33, B5, 00] {SUB [EBX], DH; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 30, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 31, B5, 00] {TEST AL, 0x31; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B918B2C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 32, B5, 00] {TEST AL, 0x32; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 31, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 32, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B918B9D .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 30, B5, 00] {TEST AL, 0x30; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B918CCB .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 31, B5, 00] {SUB [ECX], DH; MOV CH, 0x0} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 32, B5, 00] {SUB [EDX], DH; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 33, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00F303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5312] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\notepad.exe[5588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\notepad.exe[5588] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, F8, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, FB, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, F8, AD, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, F9, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9183F4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, FA, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, F9, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, FA, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B918465 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, F8, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B918593 .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, F9, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, FA, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, FB, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00EB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00EB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text G:\0o5lvy5z.exe[5960] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text G:\0o5lvy5z.exe[5960] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, E4, D9, 00] {SUB AH, AH; FLD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, E7, D9, 00] {SUB BH, AH; FLD DWORD [EAX]} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, E4, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, E5, D9, 00] {TEST AL, 0xe5; FLD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91AFE0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, E6, D9, 00] {TEST AL, 0xe6; FLD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, E5, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, E6, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91B051 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + 
6 7C90D6F6 4 Bytes [A8, E4, D9, 00] {TEST AL, 0xe4; FLD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91B17F .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, E5, D9, 00] {SUB CH, AH; FLD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, E6, D9, 00] {SUB DH, AH; FLD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, E7, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 011703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[804] @ 
C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8676AB60 Device \FileSystem\Fastfat \FatCdrom 859BF328 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys Device \Driver\Cdrom \Device\CdRom0 8640AAC0 Device \FileSystem\Rdbss \Device\FsWrap 85E10548 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 863C0F00 Device \Driver\atapi \Device\Ide\IdePort0 863C0F00 Device \Driver\atapi \Device\Ide\IdePort1 863C0F00 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 863C0F00 Device \Driver\Cdrom \Device\CdRom1 8640AAC0 Device \Driver\USBSTOR \Device\00000078 86652818 Device \Driver\USBSTOR \Device\00000079 86652818 Device \FileSystem\Srv \Device\LanmanServer 85BE7D68 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys Device \Driver\USBSTOR \Device\0000007a 86652818 Device \Driver\USBSTOR \Device\0000007b 86652818 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85EF6880 Device \FileSystem\MRxSmb \Device\LanmanRedirector 85EF6880 Device \FileSystem\Npfs \Device\NamedPipe 85F31468 Device \FileSystem\Msfs \Device\Mailslot 85F38468 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 8644FC18 Device \Driver\d347prt \Device\Scsi\d347prt1 8644FC18 Device \FileSystem\Fastfat \Fat 859BF328 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 861E3CE8 Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 861E3CE8 Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 861E3CE8 Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 861E3CE8 Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 861E3CE8 Device \FileSystem\Cdfs \Cdfs 867E80D8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x863c0f00]<< 863c0f00 Trace 1 nt!IofCallDriver -> 
\Device\Harddisk0\DR0[0x86781ab8] 86781ab8 Trace 3 CLASSPNP.SYS[f7650fd7] -> nt!IofCallDriver -> \Device\00000063[0x8676b9e8] 8676b9e8 Trace 5 ACPI.sys[f74c0620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86761940] 86761940 Trace \Driver\atapi[0x86762b08] -> IRP_MJ_CREATE -> 0x863c0f00 863c0f00 ---- Modules - GMER 2.1 ---- Module _________ (FILE NOT FOUND) F7439000-F7451000 (98304 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40 Reg HKLM\SOFTWARE\Classes\AvastPersistentStorage@InstupProgress_Description Przesyłanie pliku do analizy: C:\Documents and Settings\98\Ustawienia lokalne\Temp\tmp1371.tmp ---- EOF - GMER 2.1 ----