GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-03-11 18:57:21 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST912082 rev.3.AL 111,79GB Running: kpug5yuu.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pxtdypow.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0x9DE27000] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x9DE271A0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0x9DE27300] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0x9DE27090] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x9DE27200] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0x9DE26F50] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0x9DE26FB0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0x9DE27060] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwQueueApcThread [0x9DE270C0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwReplaceKey [0x9DE273E0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwRestoreKey [0x9DE273C0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0x9DE27040] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0x9DE27020] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0x9DE270E0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x9DE271E0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0x9DE26F80] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0x9DE26FC0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x9DE271C0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateProcess [0x9DE26F60] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0x9DE26FE0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0x9DE270A0] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [80, 6F, E2, 9D, C0, 6F, E2, ...] {SUB BYTE [EDI-0x1e], 0x9d; SHR BYTE [EDI-0x1e], 0x9d; SAL BYTE [ECX-0x1e], 0x9d} ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[740] kernel32.dll!SetUnhandledExceptionFilter 7C8449B5 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, BC, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BF, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, BC, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, BD, 04, 01] {TEST AL, 0xbd; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DAD6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BE, 04, 01] {TEST AL, 0xbe; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, BD, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BE, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DB47 .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, BC, 04, 01] {TEST AL, 0xbc; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DC75 .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, BD, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BE, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BF, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[916] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\Explorer.EXE[1000] SHELL32.dll!StrStrW 7C9CEF18 8 Bytes [E0, 10, 60, 19, 00, 11, 60, ...] {LOOPNZ 0x12; PUSHA ; SBB [EAX], EAX; ADC [EAX+0x19], ESP} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 3C, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 3F, 39, 00] {SUB [EDI], BH; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 3C, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 3D, 39, 00] {TEST AL, 0x3d; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910F56 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 3E, 39, 00] {TEST AL, 0x3e; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 3D, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 3E, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910FC7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 3C, 39, 00] {TEST AL, 0x3c; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9110F5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 3D, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 3E, 39, 00] {SUB [ESI], BH; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 3F, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2152] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 30, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 33, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 30, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 31, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91584A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 32, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 31, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 32, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9158BB .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 30, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9159E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 31, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 32, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 33, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 20, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 23, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 20, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 21, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91313A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 22, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 21, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 22, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9131AB .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 20, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9132D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 21, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 22, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 23, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 4C, D4, 00] {SUB [ESP+EDX*8+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4F, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 4C, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 4D, D4, 00] {TEST AL, 0x4d; AAM 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AA66 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4E, D4, 00] {TEST AL, 0x4e; AAM 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 4D, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4E, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AAD7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 4C, D4, 00] {TEST AL, 0x4c; AAM 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AC05 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 4D, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4E, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4F, D4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2792] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, CC, DD, 00] {SUB AH, CL; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CF, DD, 00] {SUB BH, CL; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, CC, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, CD, DD, 00] {TEST AL, 0xcd; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B3E6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CE, DD, 00] {TEST AL, 0xce; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, CD, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CE, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B457 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, CC, DD, 00] {TEST AL, 0xcc; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B585 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, CD, DD, 00] {SUB CH, CL; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CE, DD, 00] {SUB DH, CL; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CF, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, F0, C3, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3472] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SOFTWARE\Classes\Microsoft.PowerShellScript.1\shell\Uruchom za pomocą programu PowerShell Reg HKLM\SOFTWARE\Classes\Microsoft.PowerShellScript.1\shell\Uruchom za pomocą programu PowerShell\command Reg HKLM\SOFTWARE\Classes\Microsoft.PowerShellScript.1\shell\Uruchom za pomocą programu PowerShell\command@ "C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe" "-file" "%1" ---- EOF - GMER 2.2 ----