GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-02-11 15:57:19 Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1600BEVS-07RST0 rev.04.01G04 149,05GB Running: 2hv89tl0.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\kwtcaaow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA782F48C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xA7A74860] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA782FF6A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xA787667C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xA783C568] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA783C5B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA783C74E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xA7876030] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xA783C4D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xA783C5F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA783C51E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xA78304A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xA783C708] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA7830D58] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA782F4F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xA7876D42] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA7876FF8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA7833EF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA7876BAD] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA7876A18] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xA7A74938] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xA782F0DE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA7A74D1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA782F558] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA78342EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA78318C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xA783C592] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA783C5D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA783C772] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xA787638C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xA783C4FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xA78337CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xA783C686] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA783C546] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xA7833BC2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xA783C72C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA7A74AB8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xA7876893] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xA78316DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA78766E5] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA783120A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xA7A82A62] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xA7A8342E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xA7875673] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA782F5BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA782F624] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xA7830BD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA782F178] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA782F34A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xA7876E49] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA782F2D8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA7830F22] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xA7831084] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA782F3D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA7830A10] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xA7830BB2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xA7A71AF8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xA782F68A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA782FFC6] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D54 80503B28 8 Bytes JMP C6A78342 .text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80503CB8 12 Bytes [BE, F5, 82, A7, 24, F6, 82, ...] {MOV ESI, 0x24a782f5; TEST BYTE [EDX-0x7cf42d59], 0xa7} .text ntkrnlpa.exe!ZwCallbackReturn + 2F8C 80503D60 12 Bytes [22, 0F, 83, A7, 84, 10, 83, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4F7C 4 Bytes CALL A7831F1B \SystemRoot\system32\drivers\aswSnx.sys ? aswRvrt.sys Nie można odnaleźć określonego pliku. ! ? aswVmm.sys Nie można odnaleźć określonego pliku. ! ? system32\drivers\aswSP.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswRdr.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswSnx.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswMonFlt.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswStmXP.sys System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 18, 34, 00] {SUB [EAX], BL; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1B, 34, 00] {SUB [EBX], BL; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 18, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 19, 34, 00] {TEST AL, 0x19; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910A32 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1A, 34, 00] {TEST AL, 0x1a; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 19, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1A, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910AA3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 18, 34, 00] {TEST AL, 0x18; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910BD1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 19, 34, 00] {SUB [ECX], BL; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1A, 34, 00] {SUB [EDX], BL; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1B, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 36EA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1108] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 36EA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 98, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9B, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 98, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 99, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919FB2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9A, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 99, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9A, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A023 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 98, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A151 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 99, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9A, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9B, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 5D2901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 5D2903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 79, 00] {SUB [EAX], AL; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 79, 00] {SUB [EBX], AL; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 79, 00] {TEST AL, 0x1; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B914F1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 79, 00] {TEST AL, 0x2; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914F8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 79, 00] {TEST AL, 0x0; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9150B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 79, 00] {SUB [ECX], AL; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 79, 00] {SUB [EDX], AL; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 7BBA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 7BBA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, F0, C3, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 781F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 781F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 01B3DCE0 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs\ReconsolidatingSachet.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] WS2_32.dll!socket 71A53B91 5 Bytes JMP 01B34060 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs\ReconsolidatingSachet.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] WS2_32.dll!connect 71A5406A 5 Bytes JMP 01B31000 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs\ReconsolidatingSachet.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] WS2_32.dll!send 71A5428A 5 Bytes JMP 01B33BB0 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs\ReconsolidatingSachet.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 01B32A50 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs\ReconsolidatingSachet.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] WS2_32.dll!recv 71A5615A 5 Bytes JMP 01B3D320 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs\ReconsolidatingSachet.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 01B35830 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs\ReconsolidatingSachet.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 01B34C90 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs\ReconsolidatingSachet.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 01B3CA30 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs\ReconsolidatingSachet.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] WS2_32.dll!WSAConnect 71A60C69 5 Bytes JMP 01B3A410 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs\ReconsolidatingSachet.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] CRYPT32.dll!CryptVerifyCertificateSignatureEx 77A86FB4 5 Bytes JMP 02C25029 C:\Program Files\Google\Chrome\Application\48.0.2564.109\chrome.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D4, 8B, 00] {SUB AH, DL; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D7, 8B, 00] {SUB BH, DL; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D4, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D5, 8B, 00] {TEST AL, 0xd5; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9161EE .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D6, 8B, 00] {TEST AL, 0xd6; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D5, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D6, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91625F .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D4, 8B, 00] {TEST AL, 0xd4; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91638D .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D5, 8B, 00] {SUB CH, DL; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D6, 8B, 00] {SUB DH, DL; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D7, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 49FD01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 49FD03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9123DE .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91244F .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91257D .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 6DA301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 6DA303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 7C, 56, 00] {SUB [ESI+EDX*2+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7F, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 7C, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 7D, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912C96 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7E, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 7D, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7E, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912D07 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 7C, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912E35 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 7D, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7E, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7F, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 094201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 094203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 40, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 43, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 40, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 41, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912A5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 42, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 41, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 42, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912ACB .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 40, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912BF9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 41, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 42, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 43, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1C6A01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1C6A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AB, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A8, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, D4, 00] {TEST AL, 0xa9; AAM 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AAC2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AA, D4, 00] {TEST AL, 0xaa; AAM 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A9, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AA, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AB33 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A8, D4, 00] {TEST AL, 0xa8; AAM 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AC61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A9, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AA, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AB, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 558101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 558103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F8, DD, 00] {SUB AL, BH; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, FB, DD, 00] {SUB BL, BH; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F8, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F9, DD, 00] {TEST AL, 0xf9; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B412 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, FA, DD, 00] {TEST AL, 0xfa; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F9, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, FA, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B483 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F8, DD, 00] {TEST AL, 0xf8; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B5B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F9, DD, 00] {SUB CL, BH; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, FA, DD, 00] {SUB DL, BH; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, FB, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 703101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 703103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 6C, E1, 00] {SUB [ECX+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6F, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 6C, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 6D, E1, 00] {TEST AL, 0x6d; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B786 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6E, E1, 00] {TEST AL, 0x6e; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 6D, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6E, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B7F7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 6C, E1, 00] {TEST AL, 0x6c; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B925 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 6D, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6E, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6F, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 26FC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 26FC03FC ---- Devices - GMER 2.1 ---- Device \Driver\Tcpip \Device\Ip aswStmXP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\Tcpip \Device\Tcp aswStmXP.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys Device \Driver\BTHUSB \Device\00000084 bthport.sys Device \Driver\BTHUSB \Device\00000084 bthport.sys Device \Driver\BTHUSB \Device\00000086 bthport.sys Device \Driver\BTHUSB \Device\00000086 bthport.sys Device \Driver\Tcpip \Device\Udp aswStmXP.sys Device \Driver\Tcpip \Device\RawIp aswStmXP.sys Device \Driver\Tcpip \Device\IPMULTICAST aswStmXP.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ?'? ?%????????????????????D??\???v??????Microsoft???volume.inf???h??2.0.3.822????;?;?;?;????{8ECC055D-047F-11D1-A537-0000F8753ED1}\0026??&???????(?$???????? ????????+??? ???B???????????s??C:\DOCUME~1\User\USTAWI~1\Temp\winnmwm.exe:*:Enabled:ipsec?ode???,z??/??? ??????????????????????am???????????????!?(?!?)???? ???????????????????????????????????????C:\DOCUME~1\User\USTAWI~1\Temp\winoefcs.exe:*:Enabled:ipsec?ak???????????1?????????1?1??? ???????*???????????$?????????????????/?R??0.0.0.0??4??NORWAY??WLAN?&???*????????????????????????????????N??*???*???D??Stacja dysk?w?age USB Device???????????????M?????? ??*???%???e??Rodzajowy klasyfikator pakietu????????D??]???v??s???????`????w???????!???(r??/???+???????????????????????????????????????????????????????????????????????g????p??>???????????????????e???????*???%???????????????????????????????????v???????????????????????g????R??Q?????????????????????? ??????g????C:\DOCUME~1\User\USTAWI~1\Temp\yitliv.exe:*:Enabled:ipsec???.NT??????;?;?;?;?;??wdmaud,swmidi,redbook?? Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e6e9d Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e6e9d@0021080d749a 0x27 0x0C 0x3E 0xD5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e6e9d@000fdec09131 0x75 0x1C 0x00 0x65 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e6e9d@0026695917eb 0xA7 0xFC 0x78 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e6e9d@d4cbaf0e0cc0 0x15 0x0D 0xC4 0x63 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e6e9d@0026687f0b0b 0x3C 0xC9 0xC3 0x31 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e6e9d@001882253896 0x33 0x70 0x13 0xFC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e6e9d@0025d068aac8 0xD5 0x26 0xDC 0xF6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e6e9d@dccebc15f2fd 0xA9 0xDD 0x3E 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e370e6e9d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e370e6e9d@0021080d749a 0x27 0x0C 0x3E 0xD5 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e370e6e9d@000fdec09131 0x75 0x1C 0x00 0x65 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e370e6e9d@0026695917eb 0xA7 0xFC 0x78 0xF1 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e370e6e9d@d4cbaf0e0cc0 0x15 0x0D 0xC4 0x63 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e370e6e9d@0026687f0b0b 0x3C 0xC9 0xC3 0x31 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e370e6e9d@001882253896 0x33 0x70 0x13 0xFC ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e370e6e9d@0025d068aac8 0xD5 0x26 0xDC 0xF6 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e370e6e9d@dccebc15f2fd 0xA9 0xDD 0x3E 0xB5 ... ---- EOF - GMER 2.1 ----