GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-16 12:31:37
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-22V1A0 rev.05.01D05
Running: d5v8h8g8.exe; Driver: C:\Users\x\AppData\Local\Temp\fxdoruoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E8A349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC3D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text sptd.sys 88C0A001 31 Bytes [87, E1, 82, 34, 22, E2, 82, ...]
.text sptd.sys 88C0A024 34 Bytes [37, 87, EE, 82, 05, C0, F6, ...]
.text sptd.sys 88C0A047 69 Bytes [83, 97, 35, E8, 82, 2A, 35, ...]
.text sptd.sys 88C0A08D 9 Bytes [85, E8, 82, 15, 35, E8, 82, ...] {TEST EAX, EBP; ADC BYTE [0x2482e835], -0x1d}
.text sptd.sys 88C0A097 81 Bytes [83, B4, 68, EC, 82, 60, 53, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x88CB49E3]
? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text USBPORT.SYS!DllUnload 91578DB9 5 Bytes JMP 86145410 .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA117A300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA11BD300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 1 Byte [28] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763A64A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 02, 07, 00] .text 
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763A6535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763A66F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text 
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 1 Byte [68] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[580] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 1 Byte [28] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763A64A4 
C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763A6535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763A66F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] 
ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 1 Byte [68] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2272] kernel32.dll!SetUnhandledExceptionFilter 766DF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 1 Byte [28] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 00, 07, 00] .text 
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763A64A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763A6535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] 
ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763A66F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 1 Byte [68] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 1 Byte [28] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] 
ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763A64A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes 
CALL 763A6535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763A66F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 1 Byte [68] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 00, 07, 00] .text 
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 1 Byte [28] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763A64A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] 
ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763A6535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763A66F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 1 Byte [68] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] 
ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 1 Byte [28] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763A64A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 
Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763A6535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763A66F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 02, 07, 00] .text 
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 1 Byte [68] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 1 Byte [28] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763A64A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text 
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763A6535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763A66F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text 
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 1 Byte [68] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 1 Byte [28] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 01, 07, 00] .text 
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763A64A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763A6535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text 
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763A66F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 1 Byte [68] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 1 Byte [28] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text 
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763A64A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763A6535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] 
ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763A66F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 01, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 02, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 1 Byte [68] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 03, 07, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88C0B70C] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88C0BEEE] \SystemRoot\System32\Drivers\sptd.sys IAT 
\SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [88C0C20E] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88C0C0CC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88C0B8F0] \SystemRoot\System32\Drivers\sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [717D2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [717B5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [717B56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [717D24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [717C8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [717C4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [717C506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [717C5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [717C6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [717C826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [717C87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [717C901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [717CE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1920] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [717C4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll 
(Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[2616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753EFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[2616] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753EFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[2616] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753EFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[2616] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [753EFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[2616] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753EFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[2616] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753EFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 84C601E8 Device \FileSystem\fastfat \FatCdrom 870801E8 Device \Driver\usbohci \Device\USBPDO-0 8611F1E8 Device \Driver\usbohci \Device\USBPDO-1 8611F1E8 Device \Driver\usbehci \Device\USBPDO-2 861201E8 Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbohci \Device\USBPDO-3 8611F1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{833A79E9-FD03-4E84-B84D-A78866F6272C} 860CC430 Device \Driver\usbohci \Device\USBPDO-4 8611F1E8 Device \Driver\usbehci \Device\USBPDO-5 861201E8 Device \Driver\usbohci \Device\USBPDO-6 8611F1E8 AttachedDevice 
\Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{99F25937-20F4-4A25-B8F7-7FB51A28381D} 860CC430 Device \Driver\cdrom \Device\CdRom0 860AF1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84C5E1E8 Device \Driver\atapi \Device\Ide\IdePort0 84C5E1E8 Device \Driver\atapi \Device\Ide\IdePort1 84C5E1E8 Device \Driver\atapi \Device\Ide\IdePort2 84C5E1E8 Device \Driver\atapi \Device\Ide\IdePort3 84C5E1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84C5E1E8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom1 860AF1E8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\00000068 85F551E8 Device \Driver\USBSTOR \Device\00000069 85F551E8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 860CC430 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 85AC61E8 Device \Driver\PCI_PNP8708 \Device\0000004e sptd.sys Device \Driver\dtsoftbus01 \Device\0000005d 85AC61E8 Device \Driver\USBSTOR \Device\0000006a 85F551E8 Device \Driver\USBSTOR \Device\0000006b 85F551E8 Device \Driver\USBSTOR \Device\0000006c 85F551E8 Device \Driver\usbohci \Device\USBFDO-0 8611F1E8 Device \Driver\usbohci \Device\USBFDO-1 8611F1E8 Device \Driver\usbehci \Device\USBFDO-2 861201E8 Device \Driver\usbohci \Device\USBFDO-3 
8611F1E8 Device \Driver\usbohci \Device\USBFDO-4 8611F1E8 Device \Driver\usbehci \Device\USBFDO-5 861201E8 Device \Driver\usbohci \Device\USBFDO-6 8611F1E8 Device \Driver\a6uuoq03 \Device\Scsi\a6uuoq031 8627E1E8 Device \FileSystem\fastfat \Fat 870801E8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x91 0x17 0x35 0xE8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9E 0x46 0xE8 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDC 0x5B 0xCF 0x3B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBC 0x2B 0xF9 0xC4 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x91 0x17 0x35 0xE8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9E 0x46 0xE8 0x04 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDC 0x5B 0xCF 0x3B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBC 0x2B 0xF9 0xC4 ... ---- Files - GMER 1.0.15 ---- File C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007d87 505531 bytes File C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Cache\f_007d88 525648 bytes File C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal 0 bytes ---- EOF - GMER 1.0.15 ----