GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-09 19:32:55
Windows 5.1.2600 Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e ST3250318AS rev.CC38 232,89GB
Running: e5b3it7d.exe; Driver: C:\DOCUME~1\BM\USTAWI~1\Temp\pwgcrkow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 10, C4, 01] {SBB [EAX], DL; LES EAX, [ECX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 100A6730 c:\progra~1\websea~1\sprote~1.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 100A68B0 c:\progra~1\websea~1\sprote~1.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 100A66A0 c:\progra~1\websea~1\sprote~1.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 1002F08A c:\progra~1\websea~1\sprote~1.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 100A65D0 c:\progra~1\websea~1\sprote~1.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1002F0CF c:\progra~1\websea~1\sprote~1.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 100A6250 c:\progra~1\websea~1\sprote~1.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 100A64D0 c:\progra~1\websea~1\sprote~1.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[972] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 100A6390 c:\progra~1\websea~1\sprote~1.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 30, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 33, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 30, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 31, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91664A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 32, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 31, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 32, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9166BB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 30, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9167E9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 31, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 32, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 33, 90, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe[1452] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 0044CE15 C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 10, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 13, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 10, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 11, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91362A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 12, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 11, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 12, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91369B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 10, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9137C9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 11, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 12, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 13, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1492] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe[1760] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 00456C79 C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910526
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910597
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9106C5
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2256] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916D62
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916DD3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916F01
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, 97, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AB, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A8, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, D4, 00] {TEST AL, 0xa9; AAM 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AAC2
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AA, D4, 00] {TEST AL, 0xaa; AAM 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A9, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AA, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AB33
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A8, D4, 00] {TEST AL, 0xa8; AAM 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AC61
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A9, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AA, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AB, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 60, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 63, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 60, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 61, E3, 00] {TEST AL, 0x61; JECXZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B97A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 62, E3, 00] {TEST AL, 0x62; JECXZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 61, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 62, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B9EB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 60, E3, 00] {TEST AL, 0x60; JECXZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91BB19
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 61, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 62, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 63, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C8, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CB, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C8, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C9, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913AE2
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CA, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C9, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CA, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913B53
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C8, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913C81
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C9, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CA, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CB, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip UrlFilter.sys
AttachedDevice \Driver\Tcpip \Device\Tcp UrlFilter.sys
AttachedDevice \Driver\Tcpip \Device\Udp UrlFilter.sys
AttachedDevice \Driver\Tcpip \Device\RawIp UrlFilter.sys
Device mrxsmb.sys
Device Fastfat.SYS
AttachedDevice fltmgr.sys
Device Fs_Rec.SYS
Device InCDFs.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310@6cd68afbb9c4 0xF0 0x8E 0x65 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@6cd68afbb9c4 0xF0 0x8E 0x65 0x50 ...

---- EOF - GMER 2.1 ----
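The "User code sections" above mix two very different kinds of entry. In the browser process chrome.exe[972], several ntdll and kernel32 exports are overwritten with a 5-byte JMP into c:\progra~1\websea~1\sprote~1.dll, a module outside the Windows directory; that is the kind of redirect a triage wants surfaced. In every chrome.exe process there is also a repeating pair per ntdll Nt* stub: 4 bytes patched at +6 and one byte, E2, at +B. On 32-bit Windows XP an ntdll stub is "mov eax, N / mov edx, 7FFE0300h / call [edx] / ret", so +6..+9 is the imm32 of the "mov edx" and +B is the second byte of "call [edx]" (FF 12); writing a thunk address at +6 and E2 at +B turns the tail into "mov edx, thunk / jmp edx", and the 4 patched bytes are that thunk address in little-endian order ([28, 30, 90, 00] is 0x00903028). That pattern matches how Chrome's sandbox intercepts ntdll stubs in its child processes; treating it as the browser's own doing rather than as something to chase is an assumption of the example, as is the allow-list of system directories. When GMER shows such a 4-byte patch as "CALL xxxxxxxx" with no module, the first patched byte was E8 and GMER's rel32 borrowed the stub's original FF at +A; the example inverts that to recover the thunk (0x009031E8 for chrome.exe[1216] NtOpenProcessToken, which sits between the neighbouring 0x009031A8 and 0x009032A8). The script below is an added example for this page, not part of GMER and not code from the person who posted the scan; its sample input is copied from the log above.

```python
"""Triage for GMER 2.1 "User code sections" lines (added example, not GMER's
or the poster's code). Entries are sorted into: a redirect (JMP/CALL that
GMER attributed to a module), the two halves of an ntdll syscall-stub
rewrite (4 bytes at +6 = little-endian thunk address, [E2] at +B), or any
other inline patch. SYSTEM_DIRS and the stub-rewrite heuristic are the
author's assumptions."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

SYSTEM_DIRS = ("c:\\windows\\",)   # assumption: redirects elsewhere get reviewed

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<rest>.*)$")
REDIRECT_RE = re.compile(
    r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<tmod>\S.*))?$")
BYTES_RE = re.compile(r"^\[(?P<hex>[0-9A-Fa-f ,]+)\]")


@dataclass
class Hook:
    pid: int
    image: str
    func: str                       # "ntdll.dll!NtCreateFile"
    offset: int                     # patch offset into the function
    addr: int                       # patch virtual address
    size: int
    kind: str                       # "redirect" or "bytes"
    target: Optional[int] = None
    target_module: Optional[str] = None
    patch: bytes = b""


def parse_hook(line: str) -> Optional[Hook]:
    """Parse one '.text ...' line; None for lines of another shape."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    h = Hook(int(m["pid"]), m["image"], f'{m["module"]}!{m["func"]}',
             int(m["off"] or "0", 16), int(m["addr"], 16), int(m["size"]), "bytes")
    r = REDIRECT_RE.match(m["rest"])
    if r:
        h.kind, h.target, h.target_module = "redirect", int(r["target"], 16), r["tmod"]
    else:
        b = BYTES_RE.match(m["rest"])
        if b:
            h.patch = bytes.fromhex("".join(re.findall(r"[0-9A-Fa-f]{2}", b["hex"])))
    return h


def thunk_from_stub_patch(h: Hook) -> Optional[int]:
    """imm32 written at +6 of an ntdll Nt* stub, or None if not that pattern."""
    if h.offset != 6 or h.size != 4 or not h.func.startswith("ntdll.dll!Nt"):
        return None
    if h.kind == "bytes" and len(h.patch) == 4:
        return int.from_bytes(h.patch, "little")
    if h.kind == "redirect" and h.target_module is None:
        # GMER showed [E8, b1, b2, b3] plus the stub's original FF at +A as
        # CALL rel32; undo that to get the thunk address (author's derivation).
        rel = (h.target - (h.addr + 5)) & 0xFFFFFFFF
        return 0xE8 | ((rel & 0xFFFFFF) << 8) if rel >> 24 == 0xFF else None
    return None


def classify(h: Hook) -> str:
    if h.kind == "redirect" and h.target_module:
        tmod = h.target_module.lower()
        if tmod == h.image.lower():
            return "self-patch"              # process patches an import in its own image
        if tmod.startswith(SYSTEM_DIRS):
            return "system-module"
        return "third-party-redirect"        # hook lands in a non-system DLL: review
    if thunk_from_stub_patch(h) is not None:
        return "syscall-stub-rewrite"        # "mov edx, thunk" half
    if h.offset == 0xB and h.patch == b"\xe2" and h.func.startswith("ntdll.dll!Nt"):
        return "syscall-stub-rewrite"        # "call [edx]" -> "jmp edx" half
    return "inline-patch"


def triage(lines):
    """Per-process category counts, third-party redirects to review, and
    complete (+6 and +B) stub rewrites with their thunk addresses."""
    counts, thunks, jmps, review = defaultdict(Counter), {}, set(), []
    for h in filter(None, map(parse_hook, lines)):
        cat = classify(h)
        counts[h.pid][cat] += 1
        if cat == "third-party-redirect":
            review.append((h.pid, h.func, h.target_module))
        t = thunk_from_stub_patch(h)
        if t is not None:
            thunks[(h.pid, h.func)] = t
        elif cat == "syscall-stub-rewrite":
            jmps.add((h.pid, h.func))
    rewrites = {k: v for k, v in thunks.items() if k in jmps}   # only full pairs
    return {"counts": dict(counts), "review": review, "stub_rewrites": rewrites}


# Lines copied from the scan above (browser process 972, child 1216, ASCTray).
SAMPLE_LINES = [
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 10, C4, 01] {SBB [EAX], DL; LES EAX, [ECX]}",
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]",
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[972] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 100A6730 c:\progra~1\websea~1\sprote~1.dll",
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 30, 90, 00]",
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]",
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91664A",
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]",
    r".text C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe[1452] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 0044CE15 C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for pid, func, mod in result["review"]:
        print(f"REVIEW pid {pid}: {func} -> {mod}")
    for (pid, func), thunk in sorted(result["stub_rewrites"].items()):
        print(f"stub rewrite pid {pid}: {func} -> mov edx, {thunk:#010x}; jmp edx")
```

Run against the whole log (one GMER entry per line), this leaves chrome.exe[972] as the only process with third-party redirects, all into sprote~1.dll, while every other chrome.exe entry pairs up as a complete stub rewrite. The "Devices" section is not covered by the parser; the four AttachedDevice lines showing UrlFilter.sys attached to \Device\Ip, \Device\Tcp, \Device\Udp and \Device\RawIp are a separate item to review, since a driver sitting on the TCP/IP device stack sees all of the machine's traffic.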