GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-22 12:47:50 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST3320613AS rev.CC2F 298,09GB Running: mn8vl4q5.exe; Driver: C:\DOCUME~1\komputer\USTAWI~1\Temp\pwairaob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB45EBAC4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xB49060BA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB45EC5A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xB46325A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xB45F863C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB45F8688] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB45F8822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xB4631F54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xB45F85AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xB45F86CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB45F85F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xB45ECAD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xB45F87DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB45ED390] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB45EBB2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xB4632C66] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB4632F1C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB45F0B86] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB4632AD1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB463293C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xB45EB716] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB4906574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB45EBB90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB45F0F7C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB45EDE78] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xB45F8666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB45F86AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB45F8846] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xB46322B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xB45F85D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xB45F047E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xB45F875A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB45F861A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xB45F086A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xB45F8800] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB4906312] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xB46327B7] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xB45EDCEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB4632609] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB45ED842] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xB4914358] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xB4914CC4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xB4631597] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB45EBBF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB45EBC5C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xB45ED20A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB45EB7B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB45EB982] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xB4632D6D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB45EB910] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB45ED55A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xB45ED6BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB45EBA0A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB45ED048] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xB45ED1EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xB45EBCC2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB45EC5FE] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2F30 805047CC 12 Bytes [F6, BB, 5E, B4, 5C, BC, 5E, ...] {IDIV BYTE [EBX-0x43a34ba2]; POP ESI; MOV AH, 0xa; RCR [ESI-0x4c], CL} .text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [5A, D5, 5E, B4, BC, D6, 5E, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B45EE549 \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7336380, 0x5414D5, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[192] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1468] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 30, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 33, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 30, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 31, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED4A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 32, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 31, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 32, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EDBB .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 30, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 31, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 32, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 33, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 005303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 24, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 27, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 24, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 25, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913C3E .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 26, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 25, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 26, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913CAF .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 24, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913DDD .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 25, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 26, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 27, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 18, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1B, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 18, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 19, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917C32 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1A, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 19, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1A, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917CA3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 18, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917DD1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 19, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1A, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1B, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2164] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 40, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 43, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 40, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 41, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916E5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 42, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 41, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 42, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916ECB .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 40, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916FF9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 41, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 42, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 43, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00C603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 78, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7B, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 78, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 79, 01, 01] {TEST AL, 0x79; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D792 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7A, 01, 01] {TEST AL, 0x7a; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 79, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7A, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D803 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 78, 01, 01] {TEST AL, 0x78; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D931 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 79, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7A, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7B, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 012F03FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys Device \Driver\prodrv06 \Device\ProDrv06 E1912008 Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys Device \Driver\atapi \Device\Ide\IdePort4 prosync1.sys Device \Driver\atapi \Device\Ide\IdePort5 prosync1.sys Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 prosync1.sys Device \Driver\prohlp02 \Device\ProHlp02 E101B970 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x04 0xE5 0x0E 0x72 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x76 0xAD 0x96 0xE1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0x0F 0x30 0xE5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x04 0xE5 0x0E 0x72 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x76 0xAD 0x96 0xE1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0x0F 0x30 0xE5 ... ---- EOF - GMER 2.1 ----