GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-19 17:10:19 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000060 Hitachi_ rev.ES2O 298,09GB Running: xtuxzwzh.exe; Driver: C:\Users\Sylwia\AppData\Local\Temp\pwdcrpob.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes [B1, 77] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b5f991 7 bytes {MOV EDX, 0xa4de28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b5fbd5 7 bytes {MOV EDX, 0xa4de68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b5fc05 7 bytes {MOV EDX, 0xa4dda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b5fc1d 7 bytes {MOV EDX, 0xa4dd28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b5fc35 7 bytes {MOV EDX, 0xa4df28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b5fc65 7 bytes {MOV EDX, 0xa4df68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b5fce5 7 bytes {MOV EDX, 0xa4dee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b5fcfd 7 bytes {MOV EDX, 0xa4dea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b5fd49 7 bytes {MOV EDX, 0xa4dc68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b5fe41 7 bytes {MOV EDX, 0xa4dca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b60099 7 bytes {MOV EDX, 0xa4dc28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b610a5 7 bytes {MOV EDX, 0xa4dde8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b6111d 7 bytes {MOV EDX, 0xa4dd68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b61321 7 bytes {MOV EDX, 0xa4dce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes [B1, 77] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b5f991 7 bytes {MOV EDX, 0x8a6a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b5fbd5 7 bytes {MOV EDX, 0x8a6a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b5fc05 7 bytes {MOV EDX, 0x8a69a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b5fc1d 7 bytes {MOV EDX, 0x8a6928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b5fc35 7 bytes {MOV EDX, 0x8a6b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b5fc65 7 bytes {MOV EDX, 0x8a6b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b5fce5 7 bytes {MOV EDX, 0x8a6ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b5fcfd 7 bytes {MOV EDX, 0x8a6aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b5fd49 7 bytes {MOV EDX, 0x8a6868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b5fe41 7 bytes {MOV EDX, 0x8a68a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b60099 7 bytes {MOV EDX, 0x8a6828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b610a5 7 bytes {MOV EDX, 0x8a69e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b6111d 7 bytes {MOV EDX, 0x8a6968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b61321 7 bytes {MOV EDX, 0x8a68e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes [B1, 77] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b5f991 7 bytes {MOV EDX, 0x681228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b5fbd5 7 bytes {MOV EDX, 0x681268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b5fc05 7 bytes {MOV EDX, 0x6811a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b5fc1d 7 bytes {MOV EDX, 0x681128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b5fc35 7 bytes {MOV EDX, 0x681328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b5fc65 7 bytes {MOV EDX, 0x681368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b5fce5 7 bytes {MOV EDX, 0x6812e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b5fcfd 7 bytes {MOV EDX, 0x6812a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b5fd49 7 bytes {MOV EDX, 0x681068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b5fe41 7 bytes {MOV EDX, 0x6810a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b60099 7 bytes {MOV EDX, 0x681028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b610a5 7 bytes {MOV EDX, 0x6811e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b6111d 7 bytes {MOV EDX, 0x681168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b61321 7 bytes {MOV EDX, 0x6810e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes [B1, 77] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b5f991 7 bytes {MOV EDX, 0x21c228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b5fbd5 7 bytes {MOV EDX, 0x21c268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b5fc05 7 bytes {MOV EDX, 0x21c1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b5fc1d 7 bytes {MOV EDX, 0x21c128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b5fc35 7 bytes {MOV EDX, 0x21c328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b5fc65 7 bytes {MOV EDX, 0x21c368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b5fce5 7 bytes {MOV EDX, 0x21c2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b5fcfd 7 bytes {MOV EDX, 0x21c2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b5fd49 7 bytes {MOV EDX, 0x21c068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b5fe41 7 bytes {MOV EDX, 0x21c0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b60099 7 bytes {MOV EDX, 0x21c028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b610a5 7 bytes {MOV EDX, 0x21c1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b6111d 7 bytes {MOV EDX, 0x21c168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b61321 7 bytes {MOV EDX, 0x21c0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes [B1, 77] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000077b11401 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000077b11419 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000077b11431 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 0000000077b1144a 2 bytes [B1, 77] .text ... * 9 .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000077b11555 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000077b11585 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 0000000077b1159d 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes [B1, 77] .text C:\Users\Sylwia\Desktop\OTL.exe[1528] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b5f991 7 bytes {MOV EDX, 0x1ebe28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b5fbd5 7 bytes {MOV EDX, 0x1ebe68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b5fc05 7 bytes {MOV EDX, 0x1ebda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b5fc1d 7 bytes {MOV EDX, 0x1ebd28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b5fc35 7 bytes {MOV EDX, 0x1ebf28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b5fc65 7 bytes {MOV EDX, 0x1ebf68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b5fce5 7 bytes {MOV EDX, 0x1ebee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b5fcfd 7 bytes {MOV EDX, 0x1ebea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b5fd49 7 bytes {MOV EDX, 0x1ebc68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b5fe41 7 bytes {MOV EDX, 0x1ebca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b60099 7 bytes {MOV EDX, 0x1ebc28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b610a5 7 bytes {MOV EDX, 0x1ebde8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b6111d 7 bytes {MOV EDX, 0x1ebd68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b61321 7 bytes {MOV EDX, 0x1ebce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes [B1, 77] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes [B1, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes [B1, 77] ---- Threads - GMER 2.0 ---- Thread C:\Windows\System32\svchost.exe [1224:1876] 000007fef95c9688 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1224] 000007fefd850000 ---- EOF - GMER 2.0 ----