GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-05 15:41:55
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC38 465,76GB
Running: 8z3d2rev.exe; Driver: C:\Users\Grzesiek\AppData\Local\Temp\kxddrfow.sys

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D  83479A15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  834B3212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x92E3E000, 0x136CEC, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtCreateFile + 6  77A4560E 4 Bytes  [28, 74, 87, 00] {SUB [EDI+EAX*4+0x0], DH}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtCreateFile + B  77A45613 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtMapViewOfSection + 6  77A45C6E 4 Bytes  [28, 77, 87, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtMapViewOfSection + B  77A45C73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenFile + 6  77A45D1E 4 Bytes  [68, 74, 87, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenFile + B  77A45D23 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenProcess + 6  77A45DCE 4 Bytes  [A8, 75, 87, 00] {TEST AL, 0x75; XCHG [EAX], EAX}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenProcess + B  77A45DD3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenProcessToken + B  77A45DE3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenProcessTokenEx + 6  77A45DEE 4 Bytes  [A8, 76, 87, 00] {TEST AL, 0x76; XCHG [EAX], EAX}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenProcessTokenEx + B  77A45DF3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenThread + 6  77A45E4E 4 Bytes  [68, 75, 87, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenThread + B  77A45E53 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenThreadToken + 6  77A45E5E 4 Bytes  [68, 76, 87, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenThreadToken + B  77A45E63 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtOpenThreadTokenEx + B  77A45E73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtQueryAttributesFile + 6  77A45F7E 4 Bytes  [A8, 74, 87, 00] {TEST AL, 0x74; XCHG [EAX], EAX}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtQueryAttributesFile + B  77A45F83 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtQueryFullAttributesFile + B  77A46033 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtSetInformationFile + 6  77A4667E 4 Bytes  [28, 75, 87, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtSetInformationFile + B  77A46683 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtSetInformationThread + 6  77A466DE 4 Bytes  [28, 76, 87, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtSetInformationThread + B  77A466E3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtUnmapViewOfSection + 6  77A469FE 4 Bytes  [68, 77, 87, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[304] ntdll.dll!NtUnmapViewOfSection + B  77A46A03 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtCreateFile + 6  77A4560E 4 Bytes  [28, 9C, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtCreateFile + B  77A45613 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtMapViewOfSection + 6  77A45C6E 4 Bytes  [28, 9F, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtMapViewOfSection + B  77A45C73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenFile + 6  77A45D1E 4 Bytes  [68, 9C, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenFile + B  77A45D23 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenProcess + 6  77A45DCE 4 Bytes  [A8, 9D, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenProcess + B  77A45DD3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenProcessToken + B  77A45DE3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenProcessTokenEx + 6  77A45DEE 4 Bytes  [A8, 9E, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenProcessTokenEx + B  77A45DF3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenThread + 6  77A45E4E 4 Bytes  [68, 9D, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenThread + B  77A45E53 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenThreadToken + 6  77A45E5E 4 Bytes  [68, 9E, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenThreadToken + B  77A45E63 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtOpenThreadTokenEx + B  77A45E73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtQueryAttributesFile + 6  77A45F7E 4 Bytes  [A8, 9C, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtQueryAttributesFile + B  77A45F83 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtQueryFullAttributesFile + B  77A46033 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtSetInformationFile + 6  77A4667E 4 Bytes  [28, 9D, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtSetInformationFile + B  77A46683 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtSetInformationThread + 6  77A466DE 4 Bytes  [28, 9E, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtSetInformationThread + B  77A466E3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtUnmapViewOfSection + 6  77A469FE 4 Bytes  [68, 9F, FC, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[980] ntdll.dll!NtUnmapViewOfSection + B  77A46A03 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtCreateFile + 6  77A4560E 4 Bytes  [28, 80, B3, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtCreateFile + B  77A45613 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtMapViewOfSection + 6  77A45C6E 4 Bytes  [28, 83, B3, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtMapViewOfSection + B  77A45C73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenFile + 6  77A45D1E 4 Bytes  [68, 80, B3, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenFile + B  77A45D23 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcess + 6  77A45DCE 4 Bytes  [A8, 81, B3, 00] {TEST AL, 0x81; MOV BL, 0x0}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcess + B  77A45DD3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcessToken + B  77A45DE3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcessTokenEx + 6  77A45DEE 4 Bytes  [A8, 82, B3, 00] {TEST AL, 0x82; MOV BL, 0x0}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcessTokenEx + B  77A45DF3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThread + 6  77A45E4E 4 Bytes  [68, 81, B3, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThread + B  77A45E53 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThreadToken + 6  77A45E5E 4 Bytes  [68, 82, B3, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThreadToken + B  77A45E63 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThreadTokenEx + B  77A45E73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtQueryAttributesFile + 6  77A45F7E 4 Bytes  [A8, 80, B3, 00] {TEST AL, 0x80; MOV BL, 0x0}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtQueryAttributesFile + B  77A45F83 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtQueryFullAttributesFile + B  77A46033 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetInformationFile + 6  77A4667E 4 Bytes  [28, 81, B3, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetInformationFile + B  77A46683 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetInformationThread + 6  77A466DE 4 Bytes  [28, 82, B3, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetInformationThread + B  77A466E3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtUnmapViewOfSection + 6  77A469FE 4 Bytes  [68, 83, B3, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtUnmapViewOfSection + B  77A46A03 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtMapViewOfSection + 6  77A45C6E 4 Bytes  [18, 10, D6, 72]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtMapViewOfSection + B  77A45C73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtCreateFile + 6  77A4560E 4 Bytes  [28, 20, DF, 00] {SUB [EAX], AH; FILD WORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtCreateFile + B  77A45613 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtMapViewOfSection + 6  77A45C6E 4 Bytes  [28, 23, DF, 00] {SUB [EBX], AH; FILD WORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtMapViewOfSection + B  77A45C73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenFile + 6  77A45D1E 4 Bytes  [68, 20, DF, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenFile + B  77A45D23 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcess + 6  77A45DCE 4 Bytes  [A8, 21, DF, 00] {TEST AL, 0x21; FILD WORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcess + B  77A45DD3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessToken + B  77A45DE3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessTokenEx + 6  77A45DEE 4 Bytes  [A8, 22, DF, 00] {TEST AL, 0x22; FILD WORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessTokenEx + B  77A45DF3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThread + 6  77A45E4E 4 Bytes  [68, 21, DF, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThread + B  77A45E53 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadToken + 6  77A45E5E 4 Bytes  [68, 22, DF, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadToken + B  77A45E63 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadTokenEx + B  77A45E73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryAttributesFile + 6  77A45F7E 4 Bytes  [A8, 20, DF, 00] {TEST AL, 0x20; FILD WORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryAttributesFile + B  77A45F83 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryFullAttributesFile + B  77A46033 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationFile + 6  77A4667E 4 Bytes  [28, 21, DF, 00] {SUB [ECX], AH; FILD WORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationFile + B  77A46683 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationThread + 6  77A466DE 4 Bytes  [28, 22, DF, 00] {SUB [EDX], AH; FILD WORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationThread + B  77A466E3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtUnmapViewOfSection + 6  77A469FE 4 Bytes  [68, 23, DF, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtUnmapViewOfSection + B  77A46A03 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtCreateFile + 6  77A4560E 4 Bytes  [28, DC, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtCreateFile + B  77A45613 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtMapViewOfSection + 6  77A45C6E 4 Bytes  [28, DF, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtMapViewOfSection + B  77A45C73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenFile + 6  77A45D1E 4 Bytes  [68, DC, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenFile + B  77A45D23 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcess + 6  77A45DCE 4 Bytes  [A8, DD, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcess + B  77A45DD3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcessToken + B  77A45DE3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcessTokenEx + 6  77A45DEE 4 Bytes  [A8, DE, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcessTokenEx + B  77A45DF3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThread + 6  77A45E4E 4 Bytes  [68, DD, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThread + B  77A45E53 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThreadToken + 6  77A45E5E 4 Bytes  [68, DE, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThreadToken + B  77A45E63 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThreadTokenEx + B  77A45E73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtQueryAttributesFile + 6  77A45F7E 4 Bytes  [A8, DC, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtQueryAttributesFile + B  77A45F83 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtQueryFullAttributesFile + B  77A46033 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtSetInformationFile + 6  77A4667E 4 Bytes  [28, DD, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtSetInformationFile + B  77A46683 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtSetInformationThread + 6  77A466DE 4 Bytes  [28, DE, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtSetInformationThread + B  77A466E3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtUnmapViewOfSection + 6  77A469FE 4 Bytes  [68, DF, 80, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtUnmapViewOfSection + B  77A46A03 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtCreateFile + 6  77A4560E 4 Bytes  [28, 14, 39, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtCreateFile + B  77A45613 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtMapViewOfSection + 6  77A45C6E 4 Bytes  [28, 17, 39, 00] {SUB [EDI], DL; CMP [EAX], EAX}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtMapViewOfSection + B  77A45C73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenFile + 6  77A45D1E 4 Bytes  [68, 14, 39, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenFile + B  77A45D23 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenProcess + 6  77A45DCE 4 Bytes  [A8, 15, 39, 00] {TEST AL, 0x15; CMP [EAX], EAX}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenProcess + B  77A45DD3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenProcessToken + B  77A45DE3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenProcessTokenEx + 6  77A45DEE 4 Bytes  [A8, 16, 39, 00] {TEST AL, 0x16; CMP [EAX], EAX}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenProcessTokenEx + B  77A45DF3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenThread + 6  77A45E4E 4 Bytes  [68, 15, 39, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenThread + B  77A45E53 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenThreadToken + 6  77A45E5E 4 Bytes  [68, 16, 39, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenThreadToken + B  77A45E63 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtOpenThreadTokenEx + B  77A45E73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtQueryAttributesFile + 6  77A45F7E 4 Bytes  [A8, 14, 39, 00] {TEST AL, 0x14; CMP [EAX], EAX}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtQueryAttributesFile + B  77A45F83 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtQueryFullAttributesFile + B  77A46033 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtSetInformationFile + 6  77A4667E 4 Bytes  [28, 15, 39, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtSetInformationFile + B  77A46683 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtSetInformationThread + 6  77A466DE 4 Bytes  [28, 16, 39, 00] {SUB [ESI], DL; CMP [EAX], EAX}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtSetInformationThread + B  77A466E3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtUnmapViewOfSection + 6  77A469FE 4 Bytes  [68, 17, 39, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4164] ntdll.dll!NtUnmapViewOfSection + B  77A46A03 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtCreateFile + 6  77A4560E 4 Bytes  [28, C8, D8, 00] {SUB AL, CL; FADD DWORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtCreateFile + B  77A45613 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtMapViewOfSection + 6  77A45C6E 4 Bytes  [28, CB, D8, 00] {SUB BL, CL; FADD DWORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtMapViewOfSection + B  77A45C73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenFile + 6  77A45D1E 4 Bytes  [68, C8, D8, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenFile + B  77A45D23 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcess + 6  77A45DCE 4 Bytes  [A8, C9, D8, 00] {TEST AL, 0xc9; FADD DWORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcess + B  77A45DD3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessToken + B  77A45DE3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessTokenEx + 6  77A45DEE 4 Bytes  [A8, CA, D8, 00] {TEST AL, 0xca; FADD DWORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessTokenEx + B  77A45DF3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThread + 6  77A45E4E 4 Bytes  [68, C9, D8, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThread + B  77A45E53 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadToken + 6  77A45E5E 4 Bytes  [68, CA, D8, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadToken + B  77A45E63 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadTokenEx + B  77A45E73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryAttributesFile + 6  77A45F7E 4 Bytes  [A8, C8, D8, 00] {TEST AL, 0xc8; FADD DWORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryAttributesFile + B  77A45F83 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryFullAttributesFile + B  77A46033 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationFile + 6  77A4667E 4 Bytes  [28, C9, D8, 00] {SUB CL, CL; FADD DWORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationFile + B  77A46683 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationThread + 6  77A466DE 4 Bytes  [28, CA, D8, 00] {SUB DL, CL; FADD DWORD [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationThread + B  77A466E3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtUnmapViewOfSection + 6  77A469FE 4 Bytes  [68, CB, D8, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtUnmapViewOfSection + B  77A46A03 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtCreateFile + 6  77A4560E 4 Bytes  [28, 40, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtCreateFile + B  77A45613 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtMapViewOfSection + 6  77A45C6E 4 Bytes  [28, 43, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtMapViewOfSection + B  77A45C73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenFile + 6  77A45D1E 4 Bytes  [68, 40, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenFile + B  77A45D23 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcess + 6  77A45DCE 4 Bytes  [A8, 41, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcess + B  77A45DD3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessToken + B  77A45DE3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessTokenEx + 6  77A45DEE 4 Bytes  [A8, 42, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessTokenEx + B  77A45DF3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThread + 6  77A45E4E 4 Bytes  [68, 41, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThread + B  77A45E53 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadToken + 6  77A45E5E 4 Bytes  [68, 42, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadToken + B  77A45E63 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadTokenEx + B  77A45E73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryAttributesFile + 6  77A45F7E 4 Bytes  [A8, 40, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryAttributesFile + B  77A45F83 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryFullAttributesFile + B  77A46033 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationFile + 6  77A4667E 4 Bytes  [28, 41, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationFile + B  77A46683 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationThread + 6  77A466DE 4 Bytes  [28, 42, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationThread + B  77A466E3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtUnmapViewOfSection + 6  77A469FE 4 Bytes  [68, 43, 51, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtUnmapViewOfSection + B  77A46A03 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtCreateFile + 6  77A4560E 4 Bytes  [28, 28, 1A, 00] {SUB [EAX], CH; SBB AL, [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtCreateFile + B  77A45613 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtMapViewOfSection + 6  77A45C6E 4 Bytes  [28, 2B, 1A, 00] {SUB [EBX], CH; SBB AL, [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtMapViewOfSection + B  77A45C73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenFile + 6  77A45D1E 4 Bytes  [68, 28, 1A, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenFile + B  77A45D23 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcess + 6  77A45DCE 4 Bytes  [A8, 29, 1A, 00] {TEST AL, 0x29; SBB AL, [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcess + B  77A45DD3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcessToken + B  77A45DE3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcessTokenEx + 6  77A45DEE 4 Bytes  [A8, 2A, 1A, 00] {TEST AL, 0x2a; SBB AL, [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcessTokenEx + B  77A45DF3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThread + 6  77A45E4E 4 Bytes  [68, 29, 1A, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThread + B  77A45E53 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThreadToken + 6  77A45E5E 4 Bytes  [68, 2A, 1A, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThreadToken + B  77A45E63 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThreadTokenEx + B  77A45E73 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtQueryAttributesFile + 6  77A45F7E 4 Bytes  [A8, 28, 1A, 00] {TEST AL, 0x28; SBB AL, [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtQueryAttributesFile + B  77A45F83 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtQueryFullAttributesFile + B  77A46033 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationFile + 6  77A4667E 4 Bytes  [28, 29, 1A, 00] {SUB [ECX], CH; SBB AL, [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationFile + B  77A46683 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationThread + 6  77A466DE 4 Bytes  [28, 2A, 1A, 00] {SUB [EDX], CH; SBB AL, [EAX]}
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationThread + B  77A466E3 1 Byte  [E2]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtUnmapViewOfSection + 6  77A469FE 4 Bytes  [68, 2B, 1A, 00]
.text  C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtUnmapViewOfSection + B  77A46A03 1 Byte  [E2]

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]  [742C24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]  [742A562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]  [742A56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]  [742C2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]  [742B85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]  [742B4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]  [742B5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]  [742B51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [742B6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]  [742B8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]  [742B8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]  [742B90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]  [742BE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]  [742B4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

---- Trace I/O - GMER 2.1 ----

Trace  ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS >>UNKNOWN [0x86f92769]<<  86f92769
Trace  1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8663ba58]  8663ba58
Trace  3 CLASSPNP.SYS[895b459e] -> nt!IofCallDriver -> [0x8654ef08]  8654ef08
Trace  5 ACPI.sys[8409e3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858d4610]  858d4610

---- Threads - GMER 2.1 ----

Thread  System [4:792]  871B90F4

---- Processes - GMER 2.1 ----

Process  ukryty proces (*** hidden *** )  3864
Process  cmd.exe (*** hidden *** )  5924

---- Registry - GMER 2.1 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Vbox\Licenses\CorelDRAW\xae Graphics Suite_11_D639.lic  2
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Vbox\Licenses\CorelDRAW\xae Graphics Suite_11_D639.prf  2

---- EOF - GMER 2.1 ----
