GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-28 12:58:28
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HM500LI rev.2TF00_00 465,76GB
Running: m57g1hli.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pwriifow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A40A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7A212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

ÒuÛŠëÔÿÿÿÿwinlogonentry point in "ÒuÛŠëÔÿÿÿÿwinlogonentry point in "" section [0x0042F4A6]
C:\Users\Mateusz\AppData\Local\winlogon.exe[2552] C:\Users\Mateusz\AppData\Local\winlogon.exe entry point in "ÒuÛŠëÔÿÿÿÿwinlogonentry point in "" section [0x0042F4A6]
ÒuÛŠëÔÿÿÿÿwinlogonunknown last code section [0x00425000, 0x19000, 0xC00000E0]
C:\Users\Mateusz\AppData\Local\winlogon.exe[2552] C:\Users\Mateusz\AppData\Local\winlogon.exe unknown last code section [0x00425000, 0x19000, 0xC00000E0]
ÒuÛŠëÔÿÿÿÿservicesentry point in "ÒuÛŠëÔÿÿÿÿservicesentry point in "" section [0x0042F4A6]
C:\Users\Mateusz\AppData\Local\services.exe[3004] C:\Users\Mateusz\AppData\Local\services.exe entry point in "ÒuÛŠëÔÿÿÿÿservicesentry point in "" section [0x0042F4A6]
ÒuÛŠëÔÿÿÿÿservicesunknown last code section [0x00425000, 0x19000, 0xC00000E0]
C:\Users\Mateusz\AppData\Local\services.exe[3004] C:\Users\Mateusz\AppData\Local\services.exe unknown last code section [0x00425000, 0x19000, 0xC00000E0]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, 24, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, 27, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, 24, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, 25, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EE8308 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, 26, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, 25, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, 26, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EE8399 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, 24, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EE8557 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, 25, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, 26, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, 27, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, 5C, 40, 00] {SUB [EAX+EAX*2+0x0], BL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, 5F, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, 5C, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, 5D, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EE9E40 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, 5E, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, 5D, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, 5E, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EE9ED1 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, 5C, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EEA08F C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, 5D, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, 5E, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, 5F, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, C8, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, CB, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, C8, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, C9, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EE84AC C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, CA, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, C9, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, CA, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EE853D C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, C8, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EE86FB C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, C9, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, CA, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, CB, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5484] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, 9C, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, 9F, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, 9C, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, 9D, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EEB980 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, 9E, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, 9D, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, 9E, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EEBA11 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, 9C, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EEBBCF C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, 9D, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, 9E, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, 9F, 5B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5628] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, E0, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, E3, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, E0, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, E1, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EEF9C4 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, E2, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, E1, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, E2, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EEFA55 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, E0, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EEFC13 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, E1, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, E2, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, E3, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, 6C, EC, 00] {SUB [ESP+EBP*8+0x0], CH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, 6F, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, 6C, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, 6D, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EF4A50 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, 6E, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, 6D, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, 6E, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EF4AE1 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, 6C, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EF4C9F C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, 6D, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, 6E, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, 6F, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + 6 76EE560E 4 Bytes [28, D8, 01, 01] {SUB AL, BL; ADD [ECX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + B 76EE5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + 6 76EE5C6E 4 Bytes [28, DB, 01, 01] {SUB BL, BL; ADD [ECX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + B 76EE5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + 6 76EE5D1E 4 Bytes [68, D8, 01, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + B 76EE5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + 6 76EE5DCE 4 Bytes [A8, D9, 01, 01] {TEST AL, 0xd9; ADD [ECX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + B 76EE5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + 6 76EE5DDE 4 Bytes CALL 75EF5FBC C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + B 76EE5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + 6 76EE5DEE 4 Bytes [A8, DA, 01, 01] {TEST AL, 0xda; ADD [ECX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + B 76EE5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + 6 76EE5E4E 4 Bytes [68, D9, 01, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + B 76EE5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + 6 76EE5E5E 4 Bytes [68, DA, 01, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + B 76EE5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + 6 76EE5E6E 4 Bytes CALL 75EF604D C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + B 76EE5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + 6 76EE5F7E 4 Bytes [A8, D8, 01, 01] {TEST AL, 0xd8; ADD [ECX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + B 76EE5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + 6 76EE602E 4 Bytes CALL 75EF620B C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + B 76EE6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + 6 76EE667E 4 Bytes [28, D9, 01, 01] {SUB CL, BL; ADD [ECX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + B 76EE6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + 6 76EE66DE 4 Bytes [28, DA, 01, 01] {SUB DL, BL; ADD [ECX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + B 76EE66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + 6 76EE69FE 4 Bytes [68, DB, 01, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + B 76EE6A03 1 Byte [E2]

---- EOF - GMER 2.1 ----