GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-09 22:22:43 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3250310AS rev.3.AAC 232,88GB Running: midfecmh.exe; Driver: C:\DOCUME~1\x\USTAWI~1\Temp\fxlcypog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB84016E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB8401800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB8401010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xB84014D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB8401300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB84013E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB8401120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB8401210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB84015E0] INT 0x62 ? 8A54ECB8 INT 0x63 ? 8A300F00 INT 0x73 ? 8A54ECB8 INT 0x73 ? 8A54ECB8 INT 0x73 ? 8A54ECB8 INT 0x73 ? 8A54ECB8 INT 0x73 ? 8A300F00 INT 0x73 ? 8A54ECB8 INT 0x82 ? 8A54ECB8 INT 0x83 ? 8A300F00 INT 0x94 ? 8A300F00 INT 0xB4 ? 8A300F00 ---- Kernel code sections - GMER 2.1 ---- .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB7F8B774] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6C143C0, 0x84E2FA, 0xE8000020] ? C:\WINDOWS\System32\Drivers\acsavrno.SYS suspicious PE modification .text C:\Program Files\Alcohol Soft\Alcohol 52\Alcoholx.dll section is writeable [0x10001000, 0x152A2, 0xE0000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, C0, 02, 01] {SUB AL, AL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, C3, 02, 01] {SUB BL, AL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, C0, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, C1, 02, 01] {TEST AL, 0xc1; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91D8BC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, C2, 02, 01] {TEST AL, 0xc2; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, C1, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, C2, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91D92D .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, C0, 02, 01] {TEST AL, 0xc0; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91DA5B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, C1, 02, 01] {SUB CL, AL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, C2, 02, 01] {SUB DL, AL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, C3, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 90, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 93, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 90, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 91, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91D18C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 92, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 91, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 92, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91D1FD .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 90, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91D32B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 91, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 92, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 93, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 54, D5, 00] {SUB [EBP+EDX*8+0x0], DL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 57, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 54, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 55, D5, 00] {TEST AL, 0x55; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91AB50 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 56, D5, 00] {TEST AL, 0x56; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 55, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 56, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91ABC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 54, D5, 00] {TEST AL, 0x54; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91ACEF .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 55, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 56, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 57, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 2C, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 2F, B2, 00] {SUB [EDI], CH; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 2C, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 2D, B2, 00] {TEST AL, 0x2d; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B918828 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 2E, B2, 00] {TEST AL, 0x2e; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 2D, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 2E, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B918899 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 2C, B2, 00] {TEST AL, 0x2c; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9189C7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 2D, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 2E, B2, 00] {SUB [ESI], CH; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 2F, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, E0, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, E3, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, E0, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, E1, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9124DC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, E2, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, E1, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, E2, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91254D .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, E0, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91267B .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, E1, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, E2, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, E3, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, D0, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, D3, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, D0, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, D1, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9128CC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, D2, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, D1, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, D2, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91293D .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, D0, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B912A6B .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, D1, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, D2, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, D3, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5788] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5816] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 0C, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 0F, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 0C, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 0D, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B918208 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 0E, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 0D, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 0E, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B918279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 0C, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9183A7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 0D, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 0E, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 0F, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5916] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8A54D1F8 Device \FileSystem\Fastfat \FatCdrom 899CD440 Device \FileSystem\Udfs \UdfsCdRom 8A32F1F8 Device \FileSystem\Udfs \UdfsDisk 8A32F1F8 AttachedDevice \Driver\Tcpip \Device\Ip {693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gt.sys AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys Device \Driver\usbuhci \Device\USBPDO-0 8A3011F8 Device \Driver\PCI_PNP4978 \Device\00000044 sptd.sys Device \Driver\PCI_PNP4978 \Device\00000044 sptd.sys Device \Driver\usbuhci \Device\USBPDO-1 8A3011F8 Device \Driver\usbehci \Device\USBPDO-2 8A2E91F8 Device \Driver\usbuhci \Device\USBPDO-3 8A3011F8 Device \Driver\usbuhci \Device\USBPDO-4 8A3011F8 AttachedDevice \Driver\Tcpip \Device\Tcp {693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gt.sys AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys Device \Driver\usbuhci \Device\USBPDO-5 8A3011F8 Device \Driver\usbehci \Device\USBPDO-6 8A2E91F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{3F33815D-317C-4401-B606-8CB27A95FF17} 89C53440 Device \Driver\Cdrom \Device\CdRom0 8A2D61F8 Device \Driver\atapi \Device\Ide\IdePort0 [B7E68B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E68B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7E68B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7E68B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7E68B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 [B7E68B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort5 [B7E68B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E68B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 8A2D61F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 89C53440 Device \Driver\NetBT \Device\NetbiosSmb 89C53440 AttachedDevice \Driver\Tcpip \Device\Udp {693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gt.sys AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp {693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gt.sys Device \Driver\usbuhci \Device\USBFDO-0 8A3011F8 Device \Driver\usbuhci \Device\USBFDO-1 8A3011F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A252440 Device \Driver\usbehci \Device\USBFDO-2 8A2E91F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A252440 Device \Driver\usbuhci \Device\USBFDO-3 8A3011F8 Device \Driver\usbuhci \Device\USBFDO-4 8A3011F8 Device \Driver\usbuhci \Device\USBFDO-5 8A3011F8 Device \Driver\usbehci \Device\USBFDO-6 8A2E91F8 Device \Driver\acsavrno \Device\Scsi\acsavrno1 8A25F1F8 Device \Driver\acsavrno \Device\Scsi\acsavrno1Port6Path0Target0Lun0 8A25F1F8 Device \FileSystem\Fastfat \Fat 899CD440 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys Device \FileSystem\Cdfs \Cdfs 899C2440 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{E049942F-C8FC-47A8-8E97-1F56E3B0C855}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x88 0xCA 0x3D 0x1C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x26 0xCE 0xC2 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x48 0xFB 0x68 0x0E ... Reg HKLM\SYSTEM\ControlSet003\Control\Video\{E049942F-C8FC-47A8-8E97-1F56E3B0C855}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0x58 0xC5 0xD8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x26 0xCE 0xC2 0xBE ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB2 0xD3 0x1D 0x44 ... ---- EOF - GMER 2.1 ----