GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-19 14:21:08 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000089 SAMSUNG_HD322IJ rev.1AC01113 298,09GB Running: o8zv438z.exe; Driver: C:\DOCUME~1\Piotr\USTAWI~1\Temp\uxtdypoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB40B0610] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB418C5FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB40B10E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB40F4B36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB40BCF18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB40BCF64] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB40BD0FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB40F44EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB40BCE86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB40BCFA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB40BCECE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB40B15E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB40BD0B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB40B1E9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB40B0676] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB40F51FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB40F54B2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB40B5596] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB40F5067] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB40F4ED2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB418C6C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB40B025E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB40B06DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB40B598C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB40B292C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB40BCF42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB40BCF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB40BD122] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB40F4846] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB40BCEAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB40B4E78] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB40BD036] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB40BCEF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB40B526E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB40BD0DC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB418C822] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB40F4D4D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB40B27F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB40F4B9F] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB40B234E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB4199744] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB40F3B30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB40B0742] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB40B07A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB40B1D16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB40B02F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB40B04CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB40F5303] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB40B045C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB40B2066] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB40B21C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB40B0556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB40B1B54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB40B1CF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xB418AC42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB40B080E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB40B1142] INT 0x63 ? 8A787CB8 INT 0x73 ? 8A787CB8 INT 0x83 ? 8A787CB8 INT 0xB1 ? 8A7CECB8 INT 0xB1 ? 8A7CECB8 INT 0xB4 ? 8A631CB8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB41A5E00] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D2C 80504614 4 Bytes JMP B0B40F44 .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [42, 07, 0B, B4, A8, 07, 0B, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [66, 20, 0B, B4, C8, 21, 0B, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL B40B2FD9 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC58A 5 Bytes JMP B41A2C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C300E 5 Bytes JMP B41A47B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D11CA 7 Bytes JMP B41A5E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text sptd.sys B7E92000 28 Bytes [30, 78, 6E, 80, A6, CB, 6E, ...] .text sptd.sys B7E9201D 3 Bytes [79, 6E, 80] .text sptd.sys B7E92024 40 Bytes [28, 54, 53, 80, 68, B9, 54, ...] .text sptd.sys B7E9204D 83 Bytes [F2, 4E, 80, 96, 67, 52, 80, ...] .text sptd.sys B7E920A1 120 Bytes [9A, 53, 80, 2C, 7C, 50, 80, ...] .text ... .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F3C9E3] ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload B762192A 5 Bytes JMP 8A6311C8 .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB68933C0, 0x84E4FA, 0xE8000020] init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB45B1A00] .text win32k.sys!EngFreeUserMem + 674 BF8099C2 5 Bytes JMP B40B7284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D1 BF80C91F 5 Bytes JMP B40B7162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF80FDD6 5 Bytes JMP B40B7116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 44FC BF81F489 5 Bytes JMP B40B5BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 197D BF821B96 5 Bytes JMP B40B66EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 11A6 BF82E3B0 5 Bytes JMP B40B5D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLockSurface + C09 BF82F52E 5 Bytes JMP B40B73FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 2E84 BF839EBA 5 Bytes JMP B40B7614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + B8FE BF842934 5 Bytes JMP B40B700A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + E0BA BF8450F0 5 Bytes JMP B40B66CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + F636 BF84666C 5 Bytes JMP B40B5DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 290F BF86910A 5 Bytes JMP B40B67C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 4BED BF86B3E8 5 Bytes JMP B40B622C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 4C78 BF86B473 5 Bytes JMP B40B6508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 584E BF86C049 5 Bytes JMP B40B5AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + AC2C BF871427 5 Bytes JMP B40B71B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnicodeToMultiByteN + 67EE BF878651 5 Bytes JMP B40B733C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35E9 BF891936 5 Bytes JMP B40B62F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4126 BF892473 5 Bytes JMP B40B64C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8AF55F 5 Bytes JMP B40B67E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 2862 BF8B2C7D 5 Bytes JMP B40B756C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 3E8 BF8C1A6A 5 Bytes JMP B40B5F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + A5B0 BF8EAF87 5 Bytes JMP B40B670A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFA48 5 Bytes JMP B40B59C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1C17 5 Bytes JMP B40B6008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F1E97 5 Bytes JMP B40B6150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A40 BF914AE8 5 Bytes JMP B40B5CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1CEC BF914D94 5 Bytes JMP B40B688C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2614 BF9156BC 5 Bytes JMP B40B5EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F95 BF91803D 5 Bytes JMP B40B6628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 191B BF948590 5 Bytes JMP B40B74BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB2B76300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8388300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 88, 23, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8B, 23, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 88, 23, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 89, 23, 00] {TEST AL, 0x89; AND EAX, [EAX]} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F9A2 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8A, 23, 00] {TEST AL, 0x8a; AND EAX, [EAX]} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 89, 23, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8A, 23, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FA13 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 88, 23, 00] {TEST AL, 0x88; AND EAX, [EAX]} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FB41 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 89, 23, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8A, 23, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8B, 23, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006001F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 006003FC .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00621014 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00620804 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00620A08 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00620C0C .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00620E10 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006201F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006203FC .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00620600 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00630804 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00630A08 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00630600 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006301F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006303FC .text C:\WINDOWS\system32\spoolsv.exe[216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[216] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[296] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[396] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\srvany.exe[408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\srvany.exe[408] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 10, C4, 01] {SBB [EAX], DL; LES EAX, [ECX]} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[520] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[552] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\services.exe[824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1280] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[1412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1684] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\KMService.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\KMService.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Hi-Rez Studios\HiPatchService.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Hi-Rez Studios\HiPatchService.exe[1788] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2040] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2136] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2288] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, E4, 3C, 00] {SUB AH, AH; CMP AL, 0x0} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, E7, 3C, 00] {SUB BH, AH; CMP AL, 0x0} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, E4, 3C, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, E5, 3C, 00] {TEST AL, 0xe5; CMP AL, 0x0} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9112FE .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, E6, 3C, 00] {TEST AL, 0xe6; CMP AL, 0x0} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, E5, 3C, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, E6, 3C, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91136F .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, E4, 3C, 00] {TEST AL, 0xe4; CMP AL, 0x0} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91149D .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, E5, 3C, 00] {SUB CH, AH; CMP AL, 0x0} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, E6, 3C, 00] {SUB DH, AH; CMP AL, 0x0} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, E7, 3C, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007901F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007903FC .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 007B1014 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 007B0804 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 007B0A08 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 007B0C0C .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 007B0E10 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ADVAPI32.dll!CreateServiceA 77E27211 3 Bytes JMP 007B01F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ADVAPI32.dll!CreateServiceA + 4 77E27215 1 Byte [88] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007B03FC .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 007B0600 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 007C0804 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 007C0A08 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 007C0600 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007C01F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007C03FC .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[2512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[2512] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2896] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 74, D3, 00] {SUB [EBX+EDX*8+0x0], DH} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 77, D3, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 74, D3, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 75, D3, 00] {TEST AL, 0x75; ROL [EAX], CL} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A98E .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 76, D3, 00] {TEST AL, 0x76; ROL [EAX], CL} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 75, D3, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 76, D3, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A9FF .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 74, D3, 00] {TEST AL, 0x74; ROL [EAX], CL} .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AB2D .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 75, D3, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 76, D3, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 77, D3, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010201F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 010203FC .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01041014 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01040804 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01040A08 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01040C0C .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01040E10 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 010401F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 010403FC .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01040600 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01050804 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01050A08 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01050600 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 010501F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 010503FC .text C:\WINDOWS\system32\svchost.exe[3132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[3132] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[3436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[3436] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3436] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\WINDOWS\System32\svchost.exe[3436] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\WINDOWS\System32\svchost.exe[3436] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\WINDOWS\System32\svchost.exe[3436] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\WINDOWS\System32\svchost.exe[3436] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\WINDOWS\System32\svchost.exe[3436] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\WINDOWS\System32\svchost.exe[3436] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\WINDOWS\System32\svchost.exe[3436] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\WINDOWS\System32\svchost.exe[3436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00470804 .text C:\WINDOWS\System32\svchost.exe[3436] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00470A08 .text C:\WINDOWS\System32\svchost.exe[3436] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00470600 .text C:\WINDOWS\System32\svchost.exe[3436] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004701F8 .text C:\WINDOWS\System32\svchost.exe[3436] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004703FC .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3552] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Piotr\Moje dokumenty\Downloads\o8zv438z.exe[3924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Piotr\Moje dokumenty\Downloads\o8zv438z.exe[3924] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4028] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D4, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D7, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D4, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D5, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9185EE .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D6, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D5, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D6, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91865F .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D4, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91878D .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D5, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D6, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D7, AF, 00] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00DE01F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00DE03FC .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00E01014 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00E00804 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00E00A08 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00E00C0C .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00E00E10 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00E001F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00E003FC .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00E00600 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00E10804 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00E10A08 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00E10600 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00E101F8 .text C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00E103FC ---- Kernel IAT/EAT - GMER 2.1 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E9420E] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E9370C] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E93EEE] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E9370C] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E938F0] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E93832] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E940CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E93EEE] sptd.sys ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[176] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00370010 IAT C:\WINDOWS\system32\services.exe[824] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[824] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\Alwil Software\Avast5\avastUI.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2356] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 005E0010 IAT C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00E70010 IAT C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00C30010 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 8A7861E8 Device \FileSystem\Fastfat \FatCdrom 8A0271E8 AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\NetBT \Device\NetBT_Tcpip_{DB0E5039-6B0F-4B76-9D4F-B91AA3398F2D} 8A0D21E8 Device \Driver\usbohci \Device\USBPDO-0 8A61D1E8 Device \Driver\usbehci \Device\USBPDO-1 8A6191E8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\prodrv06 \Device\ProDrv06 E216B008 Device \Driver\Cdrom \Device\CdRom0 8A5E01E8 Device \Driver\atapi \Device\Ide\IdePort0 [B7E23B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 [B7E23B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\Cdrom \Device\CdRom1 8A5E01E8 Device \Driver\PCI_PNP9202 \Device\00000068 sptd.sys Device \Driver\PCI_PNP9202 \Device\00000068 sptd.sys Device \Driver\prohlp02 \Device\ProHlp02 E18B05C8 Device \Driver\PCI_PNP9202 \Device\00000069 sptd.sys Device \Driver\PCI_PNP9202 \Device\00000069 sptd.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 8A0D21E8 Device \Driver\NetBT \Device\NetbiosSmb 8A0D21E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{0158C9B0-42EA-484E-85AF-29CAA31A9C42} 8A0D21E8 Device \Driver\usbstor \Device\00000093 89FE21E8 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\nvata \Device\00000089 8A7871E8 Device \Driver\nvata \Device\00000089 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbstor \Device\00000097 89FE21E8 Device \Driver\usbstor \Device\00000098 89FE21E8 Device \Driver\usbstor \Device\00000099 89FE21E8 Device \Driver\usbohci \Device\USBFDO-0 8A61D1E8 Device \Driver\usbehci \Device\USBFDO-1 8A6191E8 Device \Driver\nvata \Device\NvAta0 8A7871E8 Device \Driver\nvata \Device\NvAta0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1561E8 Device \Driver\nvata \Device\NvAta1 8A7871E8 Device \Driver\nvata \Device\NvAta1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1561E8 Device \Driver\nvata \Device\NvAta2 8A7871E8 Device \Driver\nvata \Device\NvAta2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\nvata \Device\0000008a 8A7871E8 Device \Driver\nvata \Device\0000008a prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\aa0by4e3 \Device\Scsi\aa0by4e31Port6Path0Target0Lun0 8A5831E8 Device \Driver\aa0by4e3 \Device\Scsi\aa0by4e31 8A5831E8 Device \Driver\azqf0wtz \Device\Scsi\azqf0wtz1 8A5591E8 Device \Driver\usbstor \Device\0000009a 89FE21E8 Device \FileSystem\Fastfat \Fat 8A0271E8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 8A08D1E8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8a7871e8]<< 8a7871e8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a755ab8] 8a755ab8 Trace 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000008b[0x8a73bf18] 8a73bf18 Trace 5 ACPI.sys[b7e68620] -> nt!IofCallDriver -> \Device\00000089[0x8a755030] 8a755030 Trace \Driver\nvata[0x8a74bf38] -> IRP_MJ_CREATE -> 0x8a7871e8 8a7871e8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAA 0x40 0x05 0x39 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x94 0x2D 0x14 0x28 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC2 0x1E 0x6A 0x69 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0x8A 0xB4 0x20 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0x51 0x00 0x12 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xF5 0xA4 0x04 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEB 0x9E 0xF9 0x0C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAA 0x40 0x05 0x39 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x94 0x2D 0x14 0x28 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC2 0x1E 0x6A 0x69 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3C 0xE1 0x94 0x63 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0x51 0x00 0x12 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x94 0x2B 0x76 0xB8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEB 0x9E 0xF9 0x0C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xEB 0x9E 0xF9 0x0C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAA 0x40 0x05 0x39 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x94 0x2D 0x14 0x28 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC2 0x1E 0x6A 0x69 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3C 0xE1 0x94 0x63 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0x51 0x00 0x12 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x94 0x2B 0x76 0xB8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEB 0x9E 0xF9 0x0C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xEB 0x9E 0xF9 0x0C ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Balance_of_Chaos.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Blood_on_the_Snow.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Castle_of_the_Gods.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Emerge.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\General_Conflict.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Hightower.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Killing_Fields.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Range.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Refill_Conflict.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Reinforcement_Conflict.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Stielstand.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Struggle.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Two_Hills.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Village_in_Squeeze.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Watch_over_Ford.scn 1 Reg HKLM\SOFTWARE\Classes\CLSID\{48d6e29b-91a0-41e2-8d61-e2f7da039916}@Model 202 Reg HKLM\SOFTWARE\Classes\CLSID\{48d6e29b-91a0-41e2-8d61-e2f7da039916}@Therad 30 Reg HKLM\SOFTWARE\Classes\CLSID\{48d6e29b-91a0-41e2-8d61-e2f7da039916}@MData 0x2B 0x8F 0x78 0x29 ... Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xB4 0xE0 0x52 0x6C ... ---- EOF - GMER 2.1 ----