GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-01-08 23:36:37 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM320II rev.2AC101C4 298,09GB Running: yx7sh2gc.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdqpoc.sys ---- System - GMER 2.1 ---- SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA827EAD0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA827F5AE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xA82C37D0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xA828B5E0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA828B62C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA828B7C6] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xA82C3184] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xA828B54E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xA828B670] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA828B596] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xA827FAE4] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xA828B780] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA828039C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA827EB36] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xA82C3E96] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA82C414C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA8283B32] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA82C3D01] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA82C3B6C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xA827E71E] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA8594466] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA827EB9C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA8283F28] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA8280E2C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xA828B60A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA828B64E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA828B7EA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xA82C34E0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xA828B574] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xA828342C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xA828B6FE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA828B5BE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xA8283814] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xA828B7A4] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA859420A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xA82C39E7] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xA8280CF8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA82C3839] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA828084E] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xA85A21EA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xA82C27CA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA827EC02] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA827EC68] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xA8280216] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA827E7B8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA827E98E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xA82C3F9D] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA827E91C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA8280566] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xA82806C8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA827EA16] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA8280054] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xA82801F6] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xA827ECCE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA827F60A] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2BE8 80504474 4 Bytes JMP BEDAA827 .text ntkrnlpa.exe!ZwCallbackReturn + 2D98 80504624 4 Bytes [EA, B7, 28, A8] .text ntkrnlpa.exe!ZwCallbackReturn + 2EC4 80504750 4 Bytes [EA, 21, 5A, A8] .text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [02, EC, 27, A8, 68, EC, 27, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FA8 80504834 4 Bytes JMP E7A8F060 .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL A82814FD \??\C:\WINDOWS\system32\drivers\aswSnx.sys ? lsotj.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[100] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 60, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 63, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 60, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 61, 30, 00] {TEST AL, 0x61; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91065C .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 62, 30, 00] {TEST AL, 0x62; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 61, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 62, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9106CD .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 60, 30, 00] {TEST AL, 0x60; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9107FB .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 61, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 62, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 63, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[312] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[620] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[620] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[628] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[628] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[636] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[636] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[652] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[740] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[776] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wscript.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wscript.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[996] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[996] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1064] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1860] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1968] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[2008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\yx7sh2gc.exe[2400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\yx7sh2gc.exe[2400] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3000] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3156] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3156] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3156] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 4C, 6E, 00] {SUB [ESI+EBP*2+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 4F, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 4C, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 4D, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B914448 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 4E, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 4D, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 4E, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9144B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 4C, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9145E7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 4D, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 4E, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 4F, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AC03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3176] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 78, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 7B, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 78, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 79, B3, 00] {TEST AL, 0x79; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B918974 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 7A, B3, 00] {TEST AL, 0x7a; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 79, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 7A, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9189E5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 78, B3, 00] {TEST AL, 0x78; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B918B13 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 79, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 7A, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 7B, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00F103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3748] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[4052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[4052] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[1064] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[1064] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- Device \Driver\BTHUSB \Device\0000008f bthport.sys Device \Driver\BTHUSB \Device\0000008f bthport.sys AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys Device \Driver\BTHUSB \Device\0000008d bthport.sys Device \Driver\BTHUSB \Device\0000008d bthport.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225f0526ce Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00225f0526ce (not active ControlSet) ---- EOF - GMER 2.1 ----