GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2013-01-24 02:21:42
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\ja\AppData\Local\Temp\pxldypoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8BF0C4BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91D1EC22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8BF0CED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8BF17FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8BF17FF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8BF18176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8BF17F16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x91D1EFA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8BF17F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8BF0D11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8BF0D2F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8BF18130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8BF0D93E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8BF0C508]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91D1ECEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x91D1D3EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8BF0C556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8BF11534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8BF0E3A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8BF17FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8BF18016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8BF1819A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8BF17F3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8BF180BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8BF17F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8BF18154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91D1EE4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8BF0E272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8BF0DF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8BF0C5A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8BF0C5F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8BF0D7BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8BF0C1FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8BF0C3AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8BF0C350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8BF0DAF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8BF0DC54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8BF0C41A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x91D1EEFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8BF0D636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x91D1D41C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8BF0C640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x91D1ED96]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91D37E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 8284F9C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8286F512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1393 82876760 4 Bytes [BA, C4, F0, 8B]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 82876788 4 Bytes [22, EC, D1, 91]
.text ntoskrnl.exe!KeRemoveQueueEx + 141B 828767E8 4 Bytes [D6, CE, F0, 8B]
.text ntoskrnl.exe!KeRemoveQueueEx + 146F 8287683C 8 Bytes [A8, 7F, F1, 8B, F4, 7F, F1, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 147B 82876848 4 Bytes [76, 81, F1, 8B]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 829FD3A3 5 Bytes JMP 91D34CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 82A248B4 5 Bytes JMP 91D36828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 82A2B00D 4 Bytes CALL 8BF0EA8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 82A67BAC 4 Bytes CALL 8BF0EAA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 82AED6C6 7 Bytes JMP 91D37E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x93409340, 0x3E9407, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[408] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Windows\system32\wininit.exe[460] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Windows\system32\csrss.exe[472] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Windows\system32\services.exe[508] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Windows\system32\lsass.exe[524] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text ...
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1368] kernel32.dll!SetUnhandledExceptionFilter 772B3D01 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1368] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1444] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1596] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Windows\system32\agrsmsvc.exe[1628] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtCreateFile + 6 778755CE 4 Bytes [28, 70, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtCreateFile + B 778755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtMapViewOfSection + 6 77875C2E 4 Bytes [28, 73, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtMapViewOfSection + B 77875C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenFile + 6 77875CDE 4 Bytes [68, 70, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenFile + B 77875CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcess + 6 77875D8E 4 Bytes [A8, 71, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcess + B 77875D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessToken + 6 77875D9E 4 Bytes CALL 76882514 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessToken + B 77875DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessTokenEx + 6 77875DAE 4 Bytes [A8, 72, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessTokenEx + B 77875DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThread + 6 77875E0E 4 Bytes [68, 71, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThread + B 77875E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadToken + 6 77875E1E 4 Bytes [68, 72, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadToken + B 77875E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadTokenEx + 6 77875E2E 4 Bytes CALL 768825A5 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadTokenEx + B 77875E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryAttributesFile + 6 77875F3E 4 Bytes [A8, 70, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryAttributesFile + B 77875F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryFullAttributesFile + 6 77875FEE 4 Bytes CALL 76882763 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryFullAttributesFile + B 77875FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationFile + 6 7787663E 4 Bytes [28, 71, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationFile + B 77876643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationThread + 6 7787669E 4 Bytes [28, 72, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationThread + B 778766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtUnmapViewOfSection + 6 778769BE 4 Bytes [68, 73, C7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtUnmapViewOfSection + B 778769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!LdrUnloadDll 7788C8DE 5 Bytes JMP 00E403FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!LdrLoadDll 778922B8 5 Bytes JMP 00E401F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] KERNEL32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00E50A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 00E503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00E50804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 00E501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00E50600
.text C:\Windows\system32\wbem\wmiprvse.exe[2576] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text D:\Programy\Tlen\tlen.exe[3020] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Windows\system32\ctfmon.exe[3096] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3372] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[3608] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!LdrUnloadDll 7788C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!LdrLoadDll 778922B8 5 Bytes JMP 001E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] KERNEL32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtCreateFile + 6 778755CE 4 Bytes [28, E4, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtCreateFile + B 778755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtMapViewOfSection + 6 77875C2E 4 Bytes [28, E7, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtMapViewOfSection + B 77875C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenFile + 6 77875CDE 4 Bytes [68, E4, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenFile + B 77875CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcess + 6 77875D8E 4 Bytes [A8, E5, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcess + B 77875D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcessToken + B 77875DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcessTokenEx + 6 77875DAE 4 Bytes [A8, E6, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenProcessTokenEx + B 77875DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThread + 6 77875E0E 4 Bytes [68, E5, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThread + B 77875E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThreadToken + 6 77875E1E 4 Bytes [68, E6, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThreadToken + B 77875E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtOpenThreadTokenEx + B 77875E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtQueryAttributesFile + 6 77875F3E 4 Bytes [A8, E4, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtQueryAttributesFile + B 77875F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtQueryFullAttributesFile + B 77875FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtSetInformationFile + 6 7787663E 4 Bytes [28, E5, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtSetInformationFile + B 77876643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtSetInformationThread + 6 7787669E 4 Bytes [28, E6, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtSetInformationThread + B 778766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtUnmapViewOfSection + 6 778769BE 4 Bytes [68, E7, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtUnmapViewOfSection + B 778769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!LdrUnloadDll 7788C8DE 5 Bytes JMP 009C03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!LdrLoadDll 778922B8 5 Bytes JMP 009C01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] KERNEL32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 009D0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 009D03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 009D0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 009D01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3868] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 009D0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + 6 778755CE 4 Bytes [28, EC, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + B 778755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 77875C2E 4 Bytes [28, EF, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + B 77875C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + 6 77875CDE 4 Bytes [68, EC, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + B 77875CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + 6 77875D8E 4 Bytes [A8, ED, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + B 77875D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + B 77875DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + 6 77875DAE 4 Bytes [A8, EE, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + B 77875DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + 6 77875E0E 4 Bytes [68, ED, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + B 77875E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + 6 77875E1E 4 Bytes [68, EE, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + B 77875E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + B 77875E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + 6 77875F3E 4 Bytes [A8, EC, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + B 77875F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + B 77875FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + 6 7787663E 4 Bytes [28, ED, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + B 77876643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + 6 7787669E 4 Bytes [28, EE, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + B 778766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 778769BE 4 Bytes [68, EF, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + B 778769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!LdrUnloadDll 7788C8DE 5 Bytes JMP 007E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!LdrLoadDll 778922B8 5 Bytes JMP 007E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] KERNEL32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 007F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 007F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 007F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 007F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 007F0600
.text C:\Users\ja\Desktop\Pobrane\gm\gmer.exe[4048] kernel32.dll!GetBinaryTypeW + 70 772C4F63 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1324] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7516FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1324] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7516FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1324] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7516FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1324] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7516FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [710AF6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [710AF6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\System32\rundll32.exe[2136] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7516FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2136] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7516FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2136] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7516FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2136] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7516FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----