GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-11-26 17:15:15 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542516K9A300 rev.BBCOC3EP 149,05GB Running: 6svzgu67.exe; Driver: C:\Users\Gosia\AppData\Local\Temp\uwloqpod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8DBE86E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8DBE8800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8DBE8010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x8DBE84D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8DBE8300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8DBE83E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8DBE8120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8DBE8210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8DBE85E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 3BD 822B7A08 8 Bytes [E0, 86, BE, 8D, 00, 88, BE, ...] .text ntkrnlpa.exe!KeSetEvent + 3F1 822B7A3C 4 Bytes [10, 80, BE, 8D] .text ntkrnlpa.exe!KeSetEvent + 40D 822B7A58 4 Bytes [D0, 84, BE, 8D] .text ntkrnlpa.exe!KeSetEvent + 611 822B7C5C 8 Bytes [00, 83, BE, 8D, E0, 83, BE, ...] .text ntkrnlpa.exe!KeSetEvent + 621 822B7C6C 8 Bytes [20, 81, BE, 8D, 10, 82, BE, ...] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtCreateFile + 6 7782426A 4 Bytes [28, 20, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtCreateFile + B 7782426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtMapViewOfSection + 6 778249BA 4 Bytes [28, 23, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtMapViewOfSection + B 778249BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenFile + 6 77824A4A 4 Bytes [68, 20, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenFile + B 77824A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcess + 6 77824ACA 4 Bytes [A8, 21, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcess + B 77824ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessToken + 6 77824ADA 4 Bytes CALL 76829700 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessToken + B 77824ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessTokenEx + 6 77824AEA 4 Bytes [A8, 22, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessTokenEx + B 77824AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThread + 6 77824B3A 4 Bytes [68, 21, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThread + B 77824B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadToken + 6 77824B4A 4 Bytes [68, 22, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadToken + B 77824B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadTokenEx + 6 77824B5A 4 Bytes CALL 76829781 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadTokenEx + B 77824B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryAttributesFile + 6 77824BEA 4 Bytes [A8, 20, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryAttributesFile + B 77824BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryFullAttributesFile + 6 77824C9A 4 Bytes CALL 768298BF .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryFullAttributesFile + B 77824C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationFile + 6 7782517A 4 Bytes [28, 21, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationFile + B 7782517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationThread + 6 778251CA 4 Bytes [28, 22, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationThread + B 778251CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtUnmapViewOfSection + 6 7782546A 4 Bytes [68, 23, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtUnmapViewOfSection + B 7782546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5728] ntdll.dll!NtMapViewOfSection + 6 778249BA 4 Bytes [18, 20, 2D, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5728] ntdll.dll!NtMapViewOfSection + B 778249BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtCreateFile + 6 7782426A 4 Bytes [28, 70, 7D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtCreateFile + B 7782426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtMapViewOfSection + 6 778249BA 4 Bytes [28, 73, 7D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtMapViewOfSection + B 778249BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenFile + 6 77824A4A 4 Bytes [68, 70, 7D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenFile + B 77824A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenProcess + 6 77824ACA 4 Bytes [A8, 71, 7D, 00] {TEST AL, 0x71; JGE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenProcess + B 77824ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenProcessToken + 6 77824ADA 4 Bytes CALL 7682C850 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenProcessToken + B 77824ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenProcessTokenEx + 6 77824AEA 4 Bytes [A8, 72, 7D, 00] {TEST AL, 0x72; JGE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenProcessTokenEx + B 77824AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenThread + 6 77824B3A 4 Bytes [68, 71, 7D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenThread + B 77824B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenThreadToken + 6 77824B4A 4 Bytes [68, 72, 7D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenThreadToken + B 77824B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenThreadTokenEx + 6 77824B5A 4 Bytes CALL 7682C8D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtOpenThreadTokenEx + B 77824B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtQueryAttributesFile + 6 77824BEA 4 Bytes [A8, 70, 7D, 00] {TEST AL, 0x70; JGE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtQueryAttributesFile + B 77824BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtQueryFullAttributesFile + 6 77824C9A 4 Bytes CALL 7682CA0F .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtQueryFullAttributesFile + B 77824C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtSetInformationFile + 6 7782517A 4 Bytes [28, 71, 7D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtSetInformationFile + B 7782517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtSetInformationThread + 6 778251CA 4 Bytes [28, 72, 7D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtSetInformationThread + B 778251CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtUnmapViewOfSection + 6 7782546A 4 Bytes [68, 73, 7D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7276] ntdll.dll!NtUnmapViewOfSection + B 7782546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtCreateFile + 6 7782426A 4 Bytes [28, B8, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtCreateFile + B 7782426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtMapViewOfSection + 6 778249BA 4 Bytes [28, BB, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtMapViewOfSection + B 778249BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenFile + 6 77824A4A 4 Bytes [68, B8, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenFile + B 77824A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenProcess + 6 77824ACA 4 Bytes [A8, B9, 85, 00] {TEST AL, 0xb9; TEST [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenProcess + B 77824ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenProcessToken + 6 77824ADA 4 Bytes CALL 7682D098 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenProcessToken + B 77824ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenProcessTokenEx + 6 77824AEA 4 Bytes [A8, BA, 85, 00] {TEST AL, 0xba; TEST [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenProcessTokenEx + B 77824AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenThread + 6 77824B3A 4 Bytes [68, B9, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenThread + B 77824B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenThreadToken + 6 77824B4A 4 Bytes [68, BA, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenThreadToken + B 77824B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenThreadTokenEx + 6 77824B5A 4 Bytes CALL 7682D119 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtOpenThreadTokenEx + B 77824B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtQueryAttributesFile + 6 77824BEA 4 Bytes [A8, B8, 85, 00] {TEST AL, 0xb8; TEST [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtQueryAttributesFile + B 77824BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtQueryFullAttributesFile + 6 77824C9A 4 Bytes CALL 7682D257 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtQueryFullAttributesFile + B 77824C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtSetInformationFile + 6 7782517A 4 Bytes [28, B9, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtSetInformationFile + B 7782517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtSetInformationThread + 6 778251CA 4 Bytes [28, BA, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtSetInformationThread + B 778251CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtUnmapViewOfSection + 6 7782546A 4 Bytes [68, BB, 85, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7344] ntdll.dll!NtUnmapViewOfSection + B 7782546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtCreateFile + 6 7782426A 4 Bytes [28, 94, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtCreateFile + B 7782426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtMapViewOfSection + 6 778249BA 4 Bytes [28, 97, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtMapViewOfSection + B 778249BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenFile + 6 77824A4A 4 Bytes [68, 94, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenFile + B 77824A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenProcess + 6 77824ACA 4 Bytes [A8, 95, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenProcess + B 77824ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenProcessToken + B 77824ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenProcessTokenEx + 6 77824AEA 4 Bytes [A8, 96, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenProcessTokenEx + B 77824AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenThread + 6 77824B3A 4 Bytes [68, 95, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenThread + B 77824B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenThreadToken + 6 77824B4A 4 Bytes [68, 96, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenThreadToken + B 77824B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtOpenThreadTokenEx + B 77824B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtQueryAttributesFile + 6 77824BEA 4 Bytes [A8, 94, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtQueryAttributesFile + B 77824BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtQueryFullAttributesFile + B 77824C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtSetInformationFile + 6 7782517A 4 Bytes [28, 95, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtSetInformationFile + B 7782517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtSetInformationThread + 6 778251CA 4 Bytes [28, 96, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtSetInformationThread + B 778251CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtUnmapViewOfSection + 6 7782546A 4 Bytes [68, 97, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7364] ntdll.dll!NtUnmapViewOfSection + B 7782546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtCreateFile + 6 7782426A 4 Bytes [28, 50, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtCreateFile + B 7782426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtMapViewOfSection + 6 778249BA 4 Bytes [28, 53, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtMapViewOfSection + B 778249BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenFile + 6 77824A4A 4 Bytes [68, 50, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenFile + B 77824A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenProcess + 6 77824ACA 4 Bytes [A8, 51, 70, 00] {TEST AL, 0x51; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenProcess + B 77824ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenProcessToken + 6 77824ADA 4 Bytes CALL 7682BB30 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenProcessToken + B 77824ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenProcessTokenEx + 6 77824AEA 4 Bytes [A8, 52, 70, 00] {TEST AL, 0x52; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenProcessTokenEx + B 77824AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenThread + 6 77824B3A 4 Bytes [68, 51, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenThread + B 77824B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenThreadToken + 6 77824B4A 4 Bytes [68, 52, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenThreadToken + B 77824B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenThreadTokenEx + 6 77824B5A 4 Bytes CALL 7682BBB1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtOpenThreadTokenEx + B 77824B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtQueryAttributesFile + 6 77824BEA 4 Bytes [A8, 50, 70, 00] {TEST AL, 0x50; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtQueryAttributesFile + B 77824BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtQueryFullAttributesFile + 6 77824C9A 4 Bytes CALL 7682BCEF .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtQueryFullAttributesFile + B 77824C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtSetInformationFile + 6 7782517A 4 Bytes [28, 51, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtSetInformationFile + B 7782517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtSetInformationThread + 6 778251CA 4 Bytes [28, 52, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtSetInformationThread + B 778251CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtUnmapViewOfSection + 6 7782546A 4 Bytes [68, 53, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7396] ntdll.dll!NtUnmapViewOfSection + B 7782546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtCreateFile + 6 7782426A 4 Bytes [28, 60, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtCreateFile + B 7782426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtMapViewOfSection + 6 778249BA 4 Bytes [28, 63, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtMapViewOfSection + B 778249BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenFile + 6 77824A4A 4 Bytes [68, 60, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenFile + B 77824A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcess + 6 77824ACA 4 Bytes [A8, 61, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcess + B 77824ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcessToken + 6 77824ADA 4 Bytes CALL 7682B940 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcessToken + B 77824ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcessTokenEx + 6 77824AEA 4 Bytes [A8, 62, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcessTokenEx + B 77824AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThread + 6 77824B3A 4 Bytes [68, 61, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThread + B 77824B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThreadToken + 6 77824B4A 4 Bytes [68, 62, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThreadToken + B 77824B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThreadTokenEx + 6 77824B5A 4 Bytes CALL 7682B9C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThreadTokenEx + B 77824B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtQueryAttributesFile + 6 77824BEA 4 Bytes [A8, 60, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtQueryAttributesFile + B 77824BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtQueryFullAttributesFile + 6 77824C9A 4 Bytes CALL 7682BAFF .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtQueryFullAttributesFile + B 77824C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtSetInformationFile + 6 7782517A 4 Bytes [28, 61, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtSetInformationFile + B 7782517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtSetInformationThread + 6 778251CA 4 Bytes [28, 62, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtSetInformationThread + B 778251CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtUnmapViewOfSection + 6 7782546A 4 Bytes [68, 63, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtUnmapViewOfSection + B 7782546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtCreateFile + 6 7782426A 4 Bytes [28, B0, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtCreateFile + B 7782426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtMapViewOfSection + 6 778249BA 4 Bytes [28, B3, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtMapViewOfSection + B 778249BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenFile + 6 77824A4A 4 Bytes [68, B0, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenFile + B 77824A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenProcess + 6 77824ACA 4 Bytes [A8, B1, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenProcess + B 77824ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenProcessToken + 6 77824ADA 4 Bytes CALL 7682B990 .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenProcessToken + B 77824ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenProcessTokenEx + 6 77824AEA 4 Bytes [A8, B2, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenProcessTokenEx + B 77824AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenThread + 6 77824B3A 4 Bytes [68, B1, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenThread + B 77824B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenThreadToken + 6 77824B4A 4 Bytes [68, B2, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenThreadToken + B 77824B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenThreadTokenEx + 6 77824B5A 4 Bytes CALL 7682BA11 .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtOpenThreadTokenEx + B 77824B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtQueryAttributesFile + 6 77824BEA 4 Bytes [A8, B0, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtQueryAttributesFile + B 77824BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtQueryFullAttributesFile + 6 77824C9A 4 Bytes CALL 7682BB4F .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtQueryFullAttributesFile + B 77824C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtSetInformationFile + 6 7782517A 4 Bytes [28, B1, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtSetInformationFile + B 7782517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtSetInformationThread + 6 778251CA 4 Bytes [28, B2, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtSetInformationThread + B 778251CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtUnmapViewOfSection + 6 7782546A 4 Bytes [68, B3, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[8304] ntdll.dll!NtUnmapViewOfSection + B 7782546F 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73757817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7379B4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7375BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7374F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [737575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7374E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [737873F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7375DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7374FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7374FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [737471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [737DCB12] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7377C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7374D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73746853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7374687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73752AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df02e902a Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3182 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df02e902a (not active ControlSet) ---- EOF - GMER 2.1 ----