GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-24 00:31:30 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000061 WDC_WD32 rev.01.0 Running: sf7ld4oc.exe; Driver: C:\Users\SZKOA~1\AppData\Local\Temp\fxldypog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x89344BD0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8934652C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x89346782] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x893469FC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x89345450] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x89345B32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x89345F3C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x893455F8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x89345E14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x893447D6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x89345CD0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x89344992] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8934606E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x89347CB0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x893450EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x893451EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x89345D72] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x893476A2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x89348672] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x89345752] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x89347734] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x89347D64] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x89345FDE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x893454D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x89345EAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x89344DD6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x89347CDA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x89346110] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x89344CFA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x89346C3E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8934807C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x893479CA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8934649A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x89346360] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x89347442] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x89348554] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8934586C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8934530C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x89346CF2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8934782E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x893481BC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x893482A0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x893483C8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x893475CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x89344F4E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x89344EA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x89347F32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8934502E] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 8348C369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834C5D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 834CCD8C 4 Bytes [D0, 4B, 34, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 834CCDB4 4 Bytes [2C, 65, 34, 89] {SUB AL, 0x65; XOR AL, 0x89} .text ntkrnlpa.exe!KeRemoveQueueEx + 1104 834CCDB9 3 Bytes [67, 34, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 834CCDF8 4 Bytes [FC, 69, 34, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 834CCE24 4 Bytes [50, 54, 34, 89] {PUSH EAX; PUSH ESP; XOR AL, 0x89} .text ... .text sptd.sys 88A26000 8 Bytes [34, 42, 42, 83, A0, A7, 41, ...] .text sptd.sys 88A26009 12 Bytes [A7, 41, 83, 48, CB, 41, 83, ...] .text sptd.sys 88A26016 10 Bytes [43, 83, EE, C6, 41, 83, 44, ...] {INC EBX; SUB ESI, -0x3a; INC ECX; ADD DWORD [EAX+ECX*8+0x41], -0x7d} .text sptd.sys 88A26024 4 Bytes [44, 55, B5, 88] {INC ESP; PUSH EBP; MOV CH, 0x88} .text sptd.sys 88A2602C 188 Bytes [51, 36, 6B, 83, 48, F9, 62, ...] .text ... .sptd2 C:\windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x88B1DD38] ? C:\windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F43E000, 0x396C95, 0xE8000020] .text USBPORT.SYS!DllUnload 90E31DB9 5 Bytes JMP 8687B410 .text C:\windows\system32\drivers\hardlock.sys section is writeable [0x9DA14400, 0x82482, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0x9DAB4420] C:\windows\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0x9DAB4420] .protect˙˙˙˙hardlockunknown last code section [0x9DAB4200, 0x5105, 0xE0000020] C:\windows\system32\drivers\hardlock.sys unknown last code section [0x9DAB4200, 0x5105, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtCreateFile + 6 779655CE 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtCreateFile + B 779655D3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtMapViewOfSection + 6 77965C2E 1 Byte [28] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtMapViewOfSection + 6 77965C2E 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtMapViewOfSection + B 77965C33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenFile + 6 77965CDE 4 Bytes [68, 00, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenFile + B 77965CE3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcess + 6 77965D8E 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcess + B 77965D93 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcessToken + B 77965DA3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcessTokenEx + 6 77965DAE 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcessTokenEx + B 77965DB3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThread + 6 77965E0E 4 Bytes [68, 01, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThread + B 77965E13 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThreadToken + 6 77965E1E 4 Bytes [68, 02, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThreadToken + B 77965E23 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThreadTokenEx + B 77965E33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtQueryAttributesFile + 6 77965F3E 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtQueryAttributesFile + B 77965F43 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtQueryFullAttributesFile + B 77965FF3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationFile + 6 7796663E 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationFile + B 77966643 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationThread + 6 7796669E 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationThread + B 779666A3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 1 Byte [68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 4 Bytes [68, 03, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtUnmapViewOfSection + B 779669C3 1 Byte [E2] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] USER32.dll!NotifyWinEvent + 6AE 76ABD66C 4 Bytes [70, 11, 33, 6D] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] USER32.dll!NotifyWinEvent + 6AE 76ABD66C 4 Bytes [70, 11, 33, 6D] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtCreateFile + 6 779655CE 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtCreateFile + B 779655D3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtMapViewOfSection + 6 77965C2E 1 Byte [28] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtMapViewOfSection + 6 77965C2E 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtMapViewOfSection + B 77965C33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenFile + 6 77965CDE 4 Bytes [68, 00, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenFile + B 77965CE3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcess + 6 77965D8E 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcess + B 77965D93 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcessToken + B 77965DA3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcessTokenEx + 6 77965DAE 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcessTokenEx + B 77965DB3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThread + 6 77965E0E 4 Bytes [68, 01, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThread + B 77965E13 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThreadToken + 6 77965E1E 4 Bytes [68, 02, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThreadToken + B 77965E23 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThreadTokenEx + B 77965E33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtQueryAttributesFile + 6 77965F3E 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtQueryAttributesFile + B 77965F43 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtQueryFullAttributesFile + B 77965FF3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationFile + 6 7796663E 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationFile + B 77966643 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationThread + 6 7796669E 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationThread + B 779666A3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 1 Byte [68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 4 Bytes [68, 03, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtUnmapViewOfSection + B 779669C3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] SHELL32.dll!PathIsExe + 1797 76D2D8D4 4 Bytes [69, 92, 70, 68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] SHELL32.dll!PathIsExe + 179F 76D2D8DC 4 Bytes [84, 91, 70, 68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] SHELL32.dll!PathIsExe + 17BB 76D2D8F8 4 Bytes [69, 92, 70, 68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] SHELL32.dll!PathIsExe + 17C3 76D2D900 4 Bytes [84, 91, 70, 68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] SHELL32.dll!PathIsExe + 17D7 76D2D914 4 Bytes [D2, 68, 6F, 68] .text ... .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] SHELL32.dll!DAD_AutoScroll + 6EB 76D576B0 4 Bytes [69, 92, 70, 68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] SHELL32.dll!DAD_AutoScroll + 6F3 76D576B8 4 Bytes [84, 91, 70, 68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] SHELL32.dll!DAD_AutoScroll + 703 76D576C8 4 Bytes [FD, 69, 6F, 68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] SHELL32.dll!SHCreateDirectoryExW + 45F 76D7DF98 4 Bytes [69, 92, 70, 68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] SHELL32.dll!SHCreateDirectoryExW + 467 76D7DFA0 8 Bytes [84, 91, 70, 68, 0C, 93, 70, ...] {TEST [ECX-0x6cf39790], DL; JO 0x70} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtCreateFile + 6 779655CE 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtCreateFile + B 779655D3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtMapViewOfSection + 6 77965C2E 1 Byte [28] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtMapViewOfSection + 6 77965C2E 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtMapViewOfSection + B 77965C33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenFile + 6 77965CDE 4 Bytes [68, 00, 18, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenFile + B 77965CE3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcess + 6 77965D8E 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcess + B 77965D93 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcessToken + B 77965DA3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcessTokenEx + 6 77965DAE 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcessTokenEx + B 77965DB3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThread + 6 77965E0E 4 Bytes [68, 01, 18, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThread + B 77965E13 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThreadToken + 6 77965E1E 4 Bytes [68, 02, 18, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThreadToken + B 77965E23 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThreadTokenEx + B 77965E33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtQueryAttributesFile + 6 77965F3E 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtQueryAttributesFile + B 77965F43 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtQueryFullAttributesFile + B 77965FF3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtSetInformationFile + 6 7796663E 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtSetInformationFile + B 77966643 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtSetInformationThread + 6 7796669E 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtSetInformationThread + B 779666A3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 1 Byte [68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 4 Bytes [68, 03, 18, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtUnmapViewOfSection + B 779669C3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + 6 779655CE 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + B 779655D3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + 6 77965C2E 1 Byte [28] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + 6 77965C2E 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + B 77965C33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + 6 77965CDE 4 Bytes [68, 00, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + B 77965CE3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + 6 77965D8E 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + B 77965D93 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + B 77965DA3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + 6 77965DAE 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + B 77965DB3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + 6 77965E0E 4 Bytes [68, 01, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + B 77965E13 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + 6 77965E1E 4 Bytes [68, 02, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + B 77965E23 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + B 77965E33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + 6 77965F3E 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + B 77965F43 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + B 77965FF3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + 6 7796663E 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + B 77966643 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + 6 7796669E 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + B 779666A3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 1 Byte [68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 4 Bytes [68, 03, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + B 779669C3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtCreateFile + 6 779655CE 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtCreateFile + B 779655D3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtMapViewOfSection + 6 77965C2E 1 Byte [28] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtMapViewOfSection + 6 77965C2E 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtMapViewOfSection + B 77965C33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenFile + 6 77965CDE 4 Bytes [68, 00, 18, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenFile + B 77965CE3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenProcess + 6 77965D8E 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenProcess + B 77965D93 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenProcessToken + B 77965DA3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenProcessTokenEx + 6 77965DAE 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenProcessTokenEx + B 77965DB3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenThread + 6 77965E0E 4 Bytes [68, 01, 18, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenThread + B 77965E13 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenThreadToken + 6 77965E1E 4 Bytes [68, 02, 18, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenThreadToken + B 77965E23 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtOpenThreadTokenEx + B 77965E33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtQueryAttributesFile + 6 77965F3E 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtQueryAttributesFile + B 77965F43 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtQueryFullAttributesFile + B 77965FF3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtSetInformationFile + 6 7796663E 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtSetInformationFile + B 77966643 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtSetInformationThread + 6 7796669E 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtSetInformationThread + B 779666A3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 1 Byte [68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 4 Bytes [68, 03, 18, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] ntdll.dll!NtUnmapViewOfSection + B 779669C3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtCreateFile + 6 779655CE 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtCreateFile + B 779655D3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtMapViewOfSection + 6 77965C2E 1 Byte [28] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtMapViewOfSection + 6 77965C2E 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtMapViewOfSection + B 77965C33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenFile + 6 77965CDE 4 Bytes [68, 00, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenFile + B 77965CE3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenProcess + 6 77965D8E 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenProcess + B 77965D93 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenProcessToken + B 77965DA3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenProcessTokenEx + 6 77965DAE 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenProcessTokenEx + B 77965DB3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenThread + 6 77965E0E 4 Bytes [68, 01, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenThread + B 77965E13 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenThreadToken + 6 77965E1E 4 Bytes [68, 02, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenThreadToken + B 77965E23 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtOpenThreadTokenEx + B 77965E33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtQueryAttributesFile + 6 77965F3E 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtQueryAttributesFile + B 77965F43 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtQueryFullAttributesFile + B 77965FF3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtSetInformationFile + 6 7796663E 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtSetInformationFile + B 77966643 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtSetInformationThread + 6 7796669E 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtSetInformationThread + B 779666A3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 1 Byte [68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 4 Bytes [68, 03, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] ntdll.dll!NtUnmapViewOfSection + B 779669C3 1 Byte [E2] .text C:\Users\Szkoła\Downloads\OTL.exe[7692] SHELL32.dll!PathIsExe + 1D83 76D2DEC0 4 Bytes [69, 92, 70, 68] .text C:\Users\Szkoła\Downloads\OTL.exe[7692] SHELL32.dll!PathIsExe + 1D8B 76D2DEC8 4 Bytes [84, 91, 70, 68] .text C:\Users\Szkoła\Downloads\OTL.exe[7692] SHELL32.dll!PathIsExe + 1D9F 76D2DEDC 4 Bytes [EE, 66, 6F, 68] .text C:\Users\Szkoła\Downloads\OTL.exe[7692] SHELL32.dll!PathIsExe + 1DA7 76D2DEE4 4 Bytes [5C, 67, 6F, 68] .text C:\Users\Szkoła\Downloads\OTL.exe[7692] SHELL32.dll!PathIsExe + 1DAF 76D2DEEC 4 Bytes [7F, 66, 6F, 68] .text ... .text C:\Users\Szkoła\Downloads\OTL.exe[7692] SHELL32.dll!DAD_AutoScroll + 6EB 76D576B0 4 Bytes [69, 92, 70, 68] .text C:\Users\Szkoła\Downloads\OTL.exe[7692] SHELL32.dll!DAD_AutoScroll + 6F3 76D576B8 4 Bytes [84, 91, 70, 68] .text C:\Users\Szkoła\Downloads\OTL.exe[7692] SHELL32.dll!DAD_AutoScroll + 703 76D576C8 4 Bytes [FD, 69, 6F, 68] .text C:\Users\Szkoła\Downloads\OTL.exe[7692] SHELL32.dll!SHCreateDirectoryExW + 45F 76D7DF98 4 Bytes [69, 92, 70, 68] .text C:\Users\Szkoła\Downloads\OTL.exe[7692] SHELL32.dll!SHCreateDirectoryExW + 467 76D7DFA0 8 Bytes [84, 91, 70, 68, 0C, 93, 70, ...] {TEST [ECX-0x6cf39790], DL; JO 0x70} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtCreateFile + 6 779655CE 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtCreateFile + B 779655D3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtMapViewOfSection + 6 77965C2E 1 Byte [28] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtMapViewOfSection + 6 77965C2E 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtMapViewOfSection + B 77965C33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenFile + 6 77965CDE 4 Bytes [68, 00, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenFile + B 77965CE3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenProcess + 6 77965D8E 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenProcess + B 77965D93 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenProcessToken + B 77965DA3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenProcessTokenEx + 6 77965DAE 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenProcessTokenEx + B 77965DB3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenThread + 6 77965E0E 4 Bytes [68, 01, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenThread + B 77965E13 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenThreadToken + 6 77965E1E 4 Bytes [68, 02, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenThreadToken + B 77965E23 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtOpenThreadTokenEx + B 77965E33 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtQueryAttributesFile + 6 77965F3E 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtQueryAttributesFile + B 77965F43 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtQueryFullAttributesFile + B 77965FF3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtSetInformationFile + 6 7796663E 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtSetInformationFile + B 77966643 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtSetInformationThread + 6 7796669E 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL} .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtSetInformationThread + B 779666A3 1 Byte [E2] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 1 Byte [68] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtUnmapViewOfSection + 6 779669BE 4 Bytes [68, 03, 08, 00] .text C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] ntdll.dll!NtUnmapViewOfSection + B 779669C3 1 Byte [E2] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88A270C0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88A27FE0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [88A27574] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88A281BC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88A27362] \SystemRoot\System32\Drivers\sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[372] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00180240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001802B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00180320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00180390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001807F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 00180860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00180B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00180B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00180BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00180C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00780DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00180CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00780E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00780E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00780EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00780F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 764D0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 764D08D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 764D0940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 764D09B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00180D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00180DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 764D0A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 764D0A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 764D0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 764D0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 764D0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 764D0C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77A60940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77A609B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77A60A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77A60B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00790400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00790470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 007904E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00790550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 007905C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00790630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 007906A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77A60CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00790710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00790780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 001906A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 007A02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 007A0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 007A0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00190710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 001907F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 007A0400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 007A0470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 007A04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 007A0550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 007A05C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 007A0630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 007A06A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 007A0710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 007A0780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00190860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 001908D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00190940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 007A0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 007A0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 77A602B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77A60320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 764D04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 764D01D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 764D0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 764D0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 764D02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 764D0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 764D00F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 764D0470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 764D0400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 77A602B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 764D04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 764D0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 77A601D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 764D0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 764D02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 764D00F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 764D01D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 764D0160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 764D0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 764D00F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 764D0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[404] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 764D04E0 IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00407650] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [004077C0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00407850] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00407870] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00407850] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00407650] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00407650] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00407870] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00407850] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [004077C0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00407870] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00407850] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00407850] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00407870] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00407650] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [004077C0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00407850] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00407870] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExW] [00408AD0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [00408DE0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] [004088F0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] [00408C40] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\WININET.dll [ADVAPI32.dll!RegCloseKey] [004087F0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00407850] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [00407650] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[2104] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00407870] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG) IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 003B0DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 003B0E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 003B0E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 003B0EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003B0F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 764D0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 764D08D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 764D0940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 764D09B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 764D0A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 764D0A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 764D0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 764D0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 764D0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 764D0C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77A60940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77A609B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77A60A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77A60B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 003C0400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 003C0470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 003C04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 003C0550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 003C05C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 003C0630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 003C06A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77A60CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 003C0710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003C0780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002006A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 003D02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 003D0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 003D0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00200710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002007F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 003D0400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 003D0470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 003D04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 003D0550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 003D05C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 003D0630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 003D06A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 003D0710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003D0780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002008D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 003D0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 003D0BE0 IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[2768] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\sf7ld4oc.exe[2864] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\sf7ld4oc.exe[2864] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\sf7ld4oc.exe[2864] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\sf7ld4oc.exe[2864] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\sf7ld4oc.exe[2864] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\sf7ld4oc.exe[2864] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746F2437] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746D5600] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746D56BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [746F24B2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746E8514] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746E4CC8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746E506F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746E5144] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746E6671] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746E826B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746E87BA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746E901B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746EE1BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3016] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746E4BFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3408] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3708] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3708] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3708] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3708] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3756] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3756] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3756] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3756] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3756] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3756] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[3756] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[4884] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[5980] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[6328] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[6328] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[6328] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[6328] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[6328] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[6328] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6852] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[6900] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\OTL.exe[7692] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\OTL.exe[7692] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\OTL.exe[7692] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\OTL.exe[7692] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\OTL.exe[7692] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\OTL.exe[7692] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\Downloads\OTL.exe[7692] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Szkoła\AppData\Local\Google\Chrome\Application\chrome.exe[7780] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 854AA1F8 Device \FileSystem\fastfat \FatCdrom 88013430 AttachedDevice \Driver\volmgr \Device\HarddiskVolume12 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{0D247A8B-615B-4ADA-BF72-28617E043287} 86740430 Device \Driver\usbohci \Device\USBPDO-0 8688C430 Device \Driver\usbohci \Device\USBPDO-1 8688C430 Device \Driver\usbehci \Device\USBPDO-2 865E3430 Device \Driver\usbohci \Device\USBPDO-3 8688C430 Device \Driver\amdsata \Device\00000061 854A81F8 Device \Driver\usbehci \Device\USBPDO-4 865E3430 AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 866471F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854A71F8 Device \Driver\atapi \Device\Ide\IdePort0 854A71F8 Device \Driver\atapi \Device\Ide\IdePort1 854A71F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{27E221DA-AD84-403D-9D26-A53274CAC437} 86740430 Device \Driver\NetBT \Device\NetBT_Tcpip_{CF9BA0E2-F73B-4EA6-A939-8C83FB6BE247} 86740430 Device \Driver\USBSTOR \Device\0000010a 867E01F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86740430 Device \Driver\USBSTOR \Device\0000010b 867E01F8 Device \Driver\amdsata \Device\RaidPort0 854A81F8 AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\PCI_PNP7524 \Device\0000005e sptd.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{03AA543A-2890-48C5-B2FC-B96370558E40} 86740430 Device \Driver\usbohci \Device\USBFDO-0 8688C430 Device \Driver\usbohci \Device\USBFDO-1 8688C430 Device \Driver\usbehci \Device\USBFDO-2 865E3430 Device \Driver\usbohci \Device\USBFDO-3 8688C430 Device \Driver\usbehci \Device\USBFDO-4 865E3430 Device \Driver\ajnpwx8v \Device\Scsi\ajnpwx8v1 866541F8 Device \FileSystem\fastfat \Fat 88013430 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 87DD2430 ---- Processes - GMER 1.0.15 ---- Library C:\ProgramData\Kaspersky (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [404] 0x55580000 Library C:\ProgramData\Kaspersky (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [404] 0x0EBF0000 Library C:\ProgramData\Kaspersky (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [404] 0x07260000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421946b7e Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0x58 0x72 0x6A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4A 0x16 0xC0 0xEA ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x41 0xDE 0xB1 0xBB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421946b7e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF3 0x60 0x54 0xD8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x18 0xEB 0xCD 0x57 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x41 0xDE 0xB1 0xBB ... ---- EOF - GMER 1.0.15 ----