GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-23 12:51:06 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 WDC_WD2500AAJS-00VTA0 rev.01.01B01 Running: mey8wjoi.exe; Driver: C:\Users\KRYSTY~1\AppData\Local\Temp\fxdyqpoc.sys ---- System - GMER 1.0.15 ---- SSDT 90453926 ZwCreateSection SSDT 90453930 ZwRequestWaitReplyPort SSDT 9045392B ZwSetContextThread SSDT 90453935 ZwSetSecurityObject SSDT 9045393A ZwSystemDebugControl SSDT 904538C7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A7F579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA3F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 340 82AAB840 4 Bytes [26, 39, 45, 90] {CMP ES:[EBP-0x70], EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 69C 82AABB9C 4 Bytes [30, 39, 45, 90] {XOR [ECX], BH; INC EBP; NOP } .text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82AABBE0 4 Bytes [2B, 39, 45, 90] {SUB EDI, [ECX]; INC EBP; NOP } .text ntkrnlpa.exe!RtlSidHashLookup + 75C 82AABC5C 4 Bytes [35, 39, 45, 90] .text ntkrnlpa.exe!RtlSidHashLookup + 7B0 82AABCB0 4 Bytes [3A, 39, 45, 90] {CMP BH, [ECX]; INC EBP; NOP } .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtCreateFile + 6 771E4A16 4 Bytes [28, 00, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtCreateFile + B 771E4A1B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtMapViewOfSection + 6 771E5076 1 Byte [28] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtMapViewOfSection + 6 771E5076 4 Bytes [28, 03, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtMapViewOfSection + B 771E507B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenFile + 6 771E5126 4 Bytes [68, 00, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenFile + B 771E512B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcess + 6 771E51D6 4 Bytes [A8, 01, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcess + B 771E51DB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcessToken + B 771E51EB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcessTokenEx + 6 771E51F6 4 Bytes [A8, 02, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcessTokenEx + B 771E51FB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThread + 6 771E5256 4 Bytes [68, 01, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThread + B 771E525B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThreadToken + 6 771E5266 4 Bytes [68, 02, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThreadToken + B 771E526B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThreadTokenEx + B 771E527B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtQueryAttributesFile + 6 771E5386 4 Bytes [A8, 00, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtQueryAttributesFile + B 771E538B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtQueryFullAttributesFile + B 771E543B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtSetInformationFile + 6 771E5A86 4 Bytes [28, 01, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtSetInformationFile + B 771E5A8B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtSetInformationThread + 6 771E5AE6 4 Bytes [28, 02, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtSetInformationThread + B 771E5AEB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 1 Byte [68] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 4 Bytes [68, 03, 44, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtUnmapViewOfSection + B 771E5E0B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtCreateFile + 6 771E4A16 4 Bytes [28, 00, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtCreateFile + B 771E4A1B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtMapViewOfSection + 6 771E5076 1 Byte [28] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtMapViewOfSection + 6 771E5076 4 Bytes [28, 03, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtMapViewOfSection + B 771E507B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenFile + 6 771E5126 4 Bytes [68, 00, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenFile + B 771E512B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcess + 6 771E51D6 4 Bytes [A8, 01, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcess + B 771E51DB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcessToken + B 771E51EB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcessTokenEx + 6 771E51F6 4 Bytes [A8, 02, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcessTokenEx + B 771E51FB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThread + 6 771E5256 4 Bytes [68, 01, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThread + B 771E525B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThreadToken + 6 771E5266 4 Bytes [68, 02, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThreadToken + B 771E526B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThreadTokenEx + B 771E527B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtQueryAttributesFile + 6 771E5386 4 Bytes [A8, 00, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtQueryAttributesFile + B 771E538B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtQueryFullAttributesFile + B 771E543B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationFile + 6 771E5A86 4 Bytes [28, 01, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationFile + B 771E5A8B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationThread + 6 771E5AE6 4 Bytes [28, 02, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationThread + B 771E5AEB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 1 Byte [68] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 4 Bytes [68, 03, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtUnmapViewOfSection + B 771E5E0B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtCreateFile + 6 771E4A16 4 Bytes [28, 00, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtCreateFile + B 771E4A1B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtMapViewOfSection + 6 771E5076 1 Byte [28] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtMapViewOfSection + 6 771E5076 4 Bytes [28, 03, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtMapViewOfSection + B 771E507B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenFile + 6 771E5126 4 Bytes [68, 00, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenFile + B 771E512B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcess + 6 771E51D6 4 Bytes [A8, 01, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcess + B 771E51DB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcessToken + B 771E51EB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcessTokenEx + 6 771E51F6 4 Bytes [A8, 02, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcessTokenEx + B 771E51FB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThread + 6 771E5256 4 Bytes [68, 01, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThread + B 771E525B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThreadToken + 6 771E5266 4 Bytes [68, 02, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThreadToken + B 771E526B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThreadTokenEx + B 771E527B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtQueryAttributesFile + 6 771E5386 4 Bytes [A8, 00, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtQueryAttributesFile + B 771E538B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtQueryFullAttributesFile + B 771E543B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtSetInformationFile + 6 771E5A86 4 Bytes [28, 01, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtSetInformationFile + B 771E5A8B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtSetInformationThread + 6 771E5AE6 4 Bytes [28, 02, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtSetInformationThread + B 771E5AEB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 1 Byte [68] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 4 Bytes [68, 03, 17, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtUnmapViewOfSection + B 771E5E0B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtCreateFile + 6 771E4A16 4 Bytes [28, 00, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtCreateFile + B 771E4A1B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + 6 771E5076 1 Byte [28] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + 6 771E5076 4 Bytes [28, 03, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + B 771E507B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + 6 771E5126 4 Bytes [68, 00, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + B 771E512B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + 6 771E51D6 4 Bytes [A8, 01, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + B 771E51DB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessToken + B 771E51EB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + 6 771E51F6 4 Bytes [A8, 02, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + B 771E51FB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + 6 771E5256 4 Bytes [68, 01, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + B 771E525B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + 6 771E5266 4 Bytes [68, 02, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + B 771E526B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadTokenEx + B 771E527B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + 6 771E5386 4 Bytes [A8, 00, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + B 771E538B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryFullAttributesFile + B 771E543B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + 6 771E5A86 4 Bytes [28, 01, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + B 771E5A8B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + 6 771E5AE6 4 Bytes [28, 02, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + B 771E5AEB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 1 Byte [68] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 4 Bytes [68, 03, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + B 771E5E0B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateFile + 6 771E4A16 4 Bytes [28, 00, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateFile + B 771E4A1B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection + 6 771E5076 1 Byte [28] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection + 6 771E5076 4 Bytes [28, 03, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection + B 771E507B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenFile + 6 771E5126 4 Bytes [68, 00, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenFile + B 771E512B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcess + 6 771E51D6 4 Bytes [A8, 01, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcess + B 771E51DB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessToken + B 771E51EB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessTokenEx + 6 771E51F6 4 Bytes [A8, 02, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessTokenEx + B 771E51FB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThread + 6 771E5256 4 Bytes [68, 01, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThread + B 771E525B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadToken + 6 771E5266 4 Bytes [68, 02, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadToken + B 771E526B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadTokenEx + B 771E527B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryAttributesFile + 6 771E5386 4 Bytes [A8, 00, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryAttributesFile + B 771E538B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryFullAttributesFile + B 771E543B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationFile + 6 771E5A86 4 Bytes [28, 01, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationFile + B 771E5A8B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationThread + 6 771E5AE6 4 Bytes [28, 02, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationThread + B 771E5AEB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 1 Byte [68] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 4 Bytes [68, 03, 3E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtUnmapViewOfSection + B 771E5E0B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtCreateFile + 6 771E4A16 4 Bytes [28, 00, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtCreateFile + B 771E4A1B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtMapViewOfSection + 6 771E5076 1 Byte [28] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtMapViewOfSection + 6 771E5076 4 Bytes [28, 03, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtMapViewOfSection + B 771E507B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenFile + 6 771E5126 4 Bytes [68, 00, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenFile + B 771E512B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcess + 6 771E51D6 4 Bytes [A8, 01, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcess + B 771E51DB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessToken + B 771E51EB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessTokenEx + 6 771E51F6 4 Bytes [A8, 02, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessTokenEx + B 771E51FB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThread + 6 771E5256 4 Bytes [68, 01, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThread + B 771E525B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadToken + 6 771E5266 4 Bytes [68, 02, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadToken + B 771E526B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadTokenEx + B 771E527B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryAttributesFile + 6 771E5386 4 Bytes [A8, 00, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryAttributesFile + B 771E538B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryFullAttributesFile + B 771E543B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationFile + 6 771E5A86 4 Bytes [28, 01, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationFile + B 771E5A8B 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationThread + 6 771E5AE6 4 Bytes [28, 02, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationThread + B 771E5AEB 1 Byte [E2] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 1 Byte [68] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtUnmapViewOfSection + 6 771E5E06 4 Bytes [68, 03, 2E, 00] .text C:\Users\Krystyna Bananówna\AppData\Local\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtUnmapViewOfSection + B 771E5E0B 1 Byte [E2] ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1797609009-3460997985-156361722-1000@RefCount 7 ---- EOF - GMER 1.0.15 ----