GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-26 20:12:07 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-00FJA0 rev.13.03G13 74,53GB Running: 75h7ueq7.exe; Driver: C:\DOCUME~1\Dominik\USTAWI~1\Temp\kftiypod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB5D376E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB5D37800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB5D37010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xB5D374D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB5D37300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB5D373E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB5D37120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB5D37210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB5D375E0] ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9206360, 0x24BB1D, 0xE8000020] init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB90FB870] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, 71, 00] {SUB [EDI], CL; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, 71, 00] {TEST AL, 0xd; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B914726 .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, 71, 00] {TEST AL, 0xe; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914797 .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, 71, 00] {TEST AL, 0xc; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9148C5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, 71, 00] {SUB [ESI], CL; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 0042EA9B C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 6C, B4, 00] {SUB [ESP+ESI*4+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6F, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 6C, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 6D, B4, 00] {TEST AL, 0x6d; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918A86 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6E, B4, 00] {TEST AL, 0x6e; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 6D, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6E, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918AF7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 6C, B4, 00] {TEST AL, 0x6c; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918C25 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 6D, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6E, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 0042EA9B C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6F, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 34, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 37, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 34, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 35, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91254E .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 36, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 35, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 36, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9125BF .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 34, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9126ED .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 35, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 36, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 37, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 6C, 16, 00] {SUB [ESI+EDX+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6F, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 6C, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 6D, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC86 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6E, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 6D, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6E, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ECF7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 6C, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EE25 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 6D, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6E, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 0042EA9B C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6F, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CB8A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CBFB .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CD29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 0042EA9B C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2712] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Dominik\Dane aplikacji\GameRanger\GameRanger\GameRanger.exe[3028] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes JMP 004FD0D0 C:\Documents and Settings\Dominik\Dane aplikacji\GameRanger\GameRanger\GameRanger.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, CD, 00] {SUB [EDI], CL; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, CD, 00] {TEST AL, 0xd; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A326 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, CD, 00] {TEST AL, 0xe; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A397 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, CD, 00] {TEST AL, 0xc; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A4C5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, CD, 00] {SUB [ESI], CL; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 0042EA9B C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED48A298-5D67-4C5B-96CB-B18F65727E3C}@LeaseObtainedTime 1393439626 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED48A298-5D67-4C5B-96CB-B18F65727E3C}@T1 1393439676 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED48A298-5D67-4C5B-96CB-B18F65727E3C}@T2 1393439713 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED48A298-5D67-4C5B-96CB-B18F65727E3C}@LeaseTerminatesTime 1393439726 Reg HKLM\SYSTEM\CurrentControlSet\Services\{ED48A298-5D67-4C5B-96CB-B18F65727E3C}\Parameters\Tcpip@LeaseObtainedTime 1393439626 Reg HKLM\SYSTEM\CurrentControlSet\Services\{ED48A298-5D67-4C5B-96CB-B18F65727E3C}\Parameters\Tcpip@T1 1393439676 Reg HKLM\SYSTEM\CurrentControlSet\Services\{ED48A298-5D67-4C5B-96CB-B18F65727E3C}\Parameters\Tcpip@T2 1393439713 Reg HKLM\SYSTEM\CurrentControlSet\Services\{ED48A298-5D67-4C5B-96CB-B18F65727E3C}\Parameters\Tcpip@LeaseTerminatesTime 1393439726