GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-16 21:18:41 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB Running: 7018g7ib.exe; Driver: C:\Users\Wojtek\AppData\Local\Temp\ufdiqpow.sys ---- User code sections - GMER 2.1 ---- .text E:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text E:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text E:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.133\deploy\LoLLauncher.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text E:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.133\deploy\LoLLauncher.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text E:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.0\deploy\LolClient.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text E:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.0\deploy\LolClient.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 0000000077a8f9a0 5 bytes JMP 00000001729284c0 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077a8fa38 5 bytes JMP 000000017295c400 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077a8fbc8 5 bytes JMP 00000001729283f0 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077a8fdec 5 bytes JMP 0000000172928550 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a90154 5 bytes JMP 000000017295c490 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077a912cc 5 bytes JMP 00000001729286d0 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\syswow64\kernel32.dll!CloseHandle 00000000757513d0 5 bytes JMP 00000001729282f0 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000757522fb 5 bytes JMP 00000001729281b0 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\syswow64\kernel32.dll!CreateFileA 000000007575ca6e 5 bytes JMP 0000000172928070 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [3144] entry point in ".rdata" section 0000000073de71e6 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f941 7 bytes {MOV EDX, 0xd5ea28; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fb85 7 bytes {MOV EDX, 0xd5ea68; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fbb5 7 bytes {MOV EDX, 0xd5e9a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fbcd 7 bytes {MOV EDX, 0xd5e928; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fbe5 7 bytes {MOV EDX, 0xd5eb28; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc15 7 bytes {MOV EDX, 0xd5eb68; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fc95 7 bytes {MOV EDX, 0xd5eae8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcad 7 bytes {MOV EDX, 0xd5eaa8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fcf9 7 bytes {MOV EDX, 0xd5e868; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fdf1 7 bytes {MOV EDX, 0xd5e8a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90049 7 bytes {MOV EDX, 0xd5e828; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a91055 7 bytes {MOV EDX, 0xd5e9e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a910cd 7 bytes {MOV EDX, 0xd5e968; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a912d1 7 bytes {MOV EDX, 0xd5e8e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f941 7 bytes {MOV EDX, 0x129628; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fb85 7 bytes {MOV EDX, 0x129668; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fbb5 7 bytes {MOV EDX, 0x1295a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fbcd 7 bytes {MOV EDX, 0x129528; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fbe5 7 bytes {MOV EDX, 0x129728; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc15 7 bytes {MOV EDX, 0x129768; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fc95 7 bytes {MOV EDX, 0x1296e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcad 7 bytes {MOV EDX, 0x1296a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fcf9 7 bytes {MOV EDX, 0x129468; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fdf1 7 bytes {MOV EDX, 0x1294a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90049 7 bytes {MOV EDX, 0x129428; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a91055 7 bytes {MOV EDX, 0x1295e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a910cd 7 bytes {MOV EDX, 0x129568; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a912d1 7 bytes {MOV EDX, 0x1294e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f941 7 bytes {MOV EDX, 0x265228; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fb85 7 bytes {MOV EDX, 0x265268; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fbb5 7 bytes {MOV EDX, 0x2651a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fbcd 7 bytes {MOV EDX, 0x265128; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fbe5 7 bytes {MOV EDX, 0x265328; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc15 7 bytes {MOV EDX, 0x265368; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fc95 7 bytes {MOV EDX, 0x2652e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcad 7 bytes {MOV EDX, 0x2652a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fcf9 7 bytes {MOV EDX, 0x265068; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fdf1 7 bytes {MOV EDX, 0x2650a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90049 7 bytes {MOV EDX, 0x265028; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a91055 7 bytes {MOV EDX, 0x2651e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a910cd 7 bytes {MOV EDX, 0x265168; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a912d1 7 bytes {MOV EDX, 0x2650e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f941 7 bytes {MOV EDX, 0x150228; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fb85 7 bytes {MOV EDX, 0x150268; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fbb5 7 bytes {MOV EDX, 0x1501a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fbcd 7 bytes {MOV EDX, 0x150128; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fbe5 7 bytes {MOV EDX, 0x150328; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc15 7 bytes {MOV EDX, 0x150368; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fc95 7 bytes {MOV EDX, 0x1502e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcad 7 bytes {MOV EDX, 0x1502a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fcf9 7 bytes {MOV EDX, 0x150068; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fdf1 7 bytes {MOV EDX, 0x1500a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90049 7 bytes {MOV EDX, 0x150028; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a91055 7 bytes {MOV EDX, 0x1501e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a910cd 7 bytes {MOV EDX, 0x150168; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a912d1 7 bytes {MOV EDX, 0x1500e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f941 7 bytes {MOV EDX, 0x1e8628; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fb85 7 bytes {MOV EDX, 0x1e8668; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fbb5 7 bytes {MOV EDX, 0x1e85a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fbcd 7 bytes {MOV EDX, 0x1e8528; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fbe5 7 bytes {MOV EDX, 0x1e8728; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc15 7 bytes {MOV EDX, 0x1e8768; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fc95 7 bytes {MOV EDX, 0x1e86e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcad 7 bytes {MOV EDX, 0x1e86a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fcf9 7 bytes {MOV EDX, 0x1e8468; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fdf1 7 bytes {MOV EDX, 0x1e84a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90049 7 bytes {MOV EDX, 0x1e8428; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a91055 7 bytes {MOV EDX, 0x1e85e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a910cd 7 bytes {MOV EDX, 0x1e8568; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a912d1 7 bytes {MOV EDX, 0x1e84e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f941 7 bytes {MOV EDX, 0x35c628; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fb85 7 bytes {MOV EDX, 0x35c668; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fbb5 7 bytes {MOV EDX, 0x35c5a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fbcd 7 bytes {MOV EDX, 0x35c528; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fbe5 7 bytes {MOV EDX, 0x35c728; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc15 7 bytes {MOV EDX, 0x35c768; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fc95 7 bytes {MOV EDX, 0x35c6e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcad 7 bytes {MOV EDX, 0x35c6a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fcf9 7 bytes {MOV EDX, 0x35c468; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fdf1 7 bytes {MOV EDX, 0x35c4a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90049 7 bytes {MOV EDX, 0x35c428; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a91055 7 bytes {MOV EDX, 0x35c5e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a910cd 7 bytes {MOV EDX, 0x35c568; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a912d1 7 bytes {MOV EDX, 0x35c4e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f941 7 bytes {MOV EDX, 0xd37228; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fb85 7 bytes {MOV EDX, 0xd37268; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fbb5 7 bytes {MOV EDX, 0xd371a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fbcd 7 bytes {MOV EDX, 0xd37128; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fbe5 7 bytes {MOV EDX, 0xd37328; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc15 7 bytes {MOV EDX, 0xd37368; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fc95 7 bytes {MOV EDX, 0xd372e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcad 7 bytes {MOV EDX, 0xd372a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fcf9 7 bytes {MOV EDX, 0xd37068; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fdf1 7 bytes {MOV EDX, 0xd370a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90049 7 bytes {MOV EDX, 0xd37028; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a91055 7 bytes {MOV EDX, 0xd371e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a910cd 7 bytes {MOV EDX, 0xd37168; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a912d1 7 bytes {MOV EDX, 0xd370e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[3412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3580] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 000000007575d03c 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f941 7 bytes {MOV EDX, 0x826a28; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fb85 7 bytes {MOV EDX, 0x826a68; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fbb5 7 bytes {MOV EDX, 0x8269a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fbcd 7 bytes {MOV EDX, 0x826928; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fbe5 7 bytes {MOV EDX, 0x826b28; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc15 7 bytes {MOV EDX, 0x826b68; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fc95 7 bytes {MOV EDX, 0x826ae8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcad 7 bytes {MOV EDX, 0x826aa8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fcf9 7 bytes {MOV EDX, 0x826868; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fdf1 7 bytes {MOV EDX, 0x8268a8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90049 7 bytes {MOV EDX, 0x826828; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a91055 7 bytes {MOV EDX, 0x8269e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a910cd 7 bytes {MOV EDX, 0x826968; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a912d1 7 bytes {MOV EDX, 0x8268e8; JMP RDX} .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e11465 2 bytes [E1, 76] .text C:\Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e114bb 2 bytes [E1, 76] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\EslWire\service\WireHelperSvc.exe [1924:1988] 0000000073742ffc Thread C:\Program Files\EslWire\service\WireHelperSvc.exe [1924:1992] 0000000180001b1d Thread C:\Program Files\EslWire\service\WireHelperSvc.exe [1924:1996] 0000000073742ffc Thread C:\Windows\System32\svchost.exe [3164:3632] 000007feee89fd00 Thread C:\Windows\System32\svchost.exe [3164:5756] 000007fef8d99874 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3308:5052] 000007fefc282a88 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3308:5060] 000007fee92ec0b0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3308:2800] 000007fef8d95124 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0xDB 0x70 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x28 0xC1 0x8A 0x4B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x66 0x61 0xB4 0x81 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x63 0x07 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0xE4 0x74 0x60 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFB 0x14 0xC1 0x4C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0xDB 0x70 0x3E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x28 0xC1 0x8A 0x4B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x66 0x61 0xB4 0x81 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x63 0x07 0x5D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0xE4 0x74 0x60 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFB 0x14 0xC1 0x4C ... ---- Files - GMER 2.1 ---- File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\575.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\585.tmp 0 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\586.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\587.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\588.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\589.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\58A.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\59B.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\59C.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\59D.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\59E.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\59F.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\5A0.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\5B1.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\5B2.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\5B3.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\5B4.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\5B5.tmp 150798 bytes File C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\5B6.tmp 0 bytes ---- EOF - GMER 2.1 ----