GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-12 15:41:17 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1a WDC_WD2500AAKS-00L9A0 rev.01.03E01 232,88GB Running: ttcgn9w7.exe; Driver: C:\DOCUME~1\User4\USTAWI~1\Temp\kgdcapob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA7F6B3D4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xA82F39F4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA7F6BEB2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xA7FB23FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xA7F7828A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA7F782D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA7F78470] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xA7FB1DB0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xA7F781F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xA7F7831A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA7F78240] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xA7F6C3E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xA7F7842A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA7F6CCA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA7F6B43A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xA7FB2AC2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA7FB2D78] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA7F6FE32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA7FB292D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA7FB2798] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xA82F3ACC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xA7F6B026] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA82F3EAE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA7F6B4A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA7F70228] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA7F6D7E4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xA7F782B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA7F782F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA7F78494] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xA7FB210C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xA7F7821E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xA7F6F72A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xA7F783A8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA7F78268] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xA7F6FB16] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xA7F7844E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA82F3C4C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xA7FB2613] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xA7F6D5FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA7FB2465] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA7F6D152] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xA8301F9E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xA830296A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xA7FB13F3] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA7F6B506] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA7F6B56C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xA7F6CB1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA7F6B0C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA7F6B292] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xA7FB2BC9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA7F6B220] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA7F6CE6A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xA7F6CFCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA7F6B31A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA7F6C958] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xA7F6CAFA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xA82F0C8C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xA7F6B5D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA7F6BF0E] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D5C 80504644 8 Bytes CALL AAF83D0C .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [06, B5, F6, A7, 6C, B5, F6, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [6A, CE, F6, A7, CC, CF, F6, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL A7F6DE5D \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[472] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes CALL 5F8FD1BC .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, EB, 03, 01] {SUB BL, CH; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes CALL 5F8FD6AC .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes JMP 5F8FD70C .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DA02 .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes JMP E2FF0103 .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes JMP 5F8FD76C .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes JMP E2FF0103 .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DA73 .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes CALL 5F8FD81C .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DBA1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes JMP 5F8FDD6C .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes JMP E2FF0103 .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, EB, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 013103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 14, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 17, 84, 00] {SUB [EDI], DL; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 14, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 15, 84, 00] {TEST AL, 0x15; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915A2E .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 16, 84, 00] {TEST AL, 0x16; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 15, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 16, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915A9F .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 14, 84, 00] {TEST AL, 0x14; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915BCD .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 15, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 16, 84, 00] {SUB [ESI], DL; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 17, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00B203FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 9C, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9F, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 9C, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 9D, 88, 00] {TEST AL, 0x9d; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915EB6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9E, 88, 00] {TEST AL, 0x9e; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 9D, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9E, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915F27 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 9C, 88, 00] {TEST AL, 0x9c; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916055 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 9D, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9E, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9F, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00B603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 68, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6B, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 68, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 69, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C482 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6A, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 69, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6A, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C4F3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 68, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C621 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 69, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6A, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6B, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 011C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B0, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B3, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B0, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B1, 34, 00] {TEST AL, 0xb1; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910ACA .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B2, 34, 00] {TEST AL, 0xb2; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B1, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B2, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910B3B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B0, 34, 00] {TEST AL, 0xb0; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910C69 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B1, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B2, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B3, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C0, 03, 01] {SUB AL, AL; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C3, 03, 01] {SUB BL, AL; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C0, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C1, 03, 01] {TEST AL, 0xc1; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D9DA .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C2, 03, 01] {TEST AL, 0xc2; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C1, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C2, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DA4B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C0, 03, 01] {TEST AL, 0xc0; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DB79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C1, 03, 01] {SUB CL, AL; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C2, 03, 01] {SUB DL, AL; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C3, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 013103FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS Device \Driver\Tcpip \Device\Ip aswStmXP.sys Device \Driver\Tcpip \Device\Tcp aswStmXP.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys Device \Driver\Tcpip \Device\Udp aswStmXP.sys Device \Driver\Tcpip \Device\RawIp aswStmXP.sys Device \Driver\Tcpip \Device\IPMULTICAST aswStmXP.sys Device mrxsmb.sys Device Fastfat.SYS AttachedDevice fltMgr.sys Device InCDFs.sys Device Cdfs.SYS ---- EOF - GMER 2.1 ----