GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-02 23:00:50 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543216L9A300 rev.FB2OC40C 149,05GB Running: l54ryw5b.exe; Driver: C:\DOCUME~1\auto\USTAWI~1\Temp\axtdapod.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[776] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 1003B780 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[776] USER32.dll!SetWindowRgn + 2BD 7E37E7E5 7 Bytes JMP 1003B3D0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[776] USER32.dll!SetClipboardData + 19D 7E38113B 7 Bytes JMP 1003B340 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[776] USER32.dll!MessageBoxA + 49 7E3A0833 7 Bytes JMP 1003B680 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[776] USER32.dll!MessageBoxExW + 1F 7E3A0857 7 Bytes JMP 1003B570 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[776] USER32.dll!MessageBoxTimeoutA + CA 7E3B64D0 7 Bytes JMP 1003B6D0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, E4, 19, 00] {SUB AH, AH; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, E7, 19, 00] {SUB BH, AH; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, E4, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, E5, 19, 00] {TEST AL, 0xe5; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EFFE .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, E6, 19, 00] {TEST AL, 0xe6; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, E5, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, E6, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F06F .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, E4, 19, 00] {TEST AL, 0xe4; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F19D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, E5, 19, 00] {SUB CH, AH; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, E6, 19, 00] {SUB DH, AH; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, E7, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3380] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, DE, 00] {SUB [EDI], CL; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, DE, 00] {TEST AL, 0xd; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B426 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, DE, 00] {TEST AL, 0xe; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B497 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, DE, 00] {TEST AL, 0xc; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B5C5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, DE, 00] {SUB [ESI], CL; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 74, F5, 00] {SUB [EBP+ESI*8+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 77, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 74, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 75, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CB8E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 76, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 75, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 76, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CBFF .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 74, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CD2D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 75, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 76, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 77, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AB, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A8, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, DD, 00] {TEST AL, 0xa9; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B3C2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AA, DD, 00] {TEST AL, 0xaa; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A9, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AA, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B433 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A8, DD, 00] {TEST AL, 0xa8; FLD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B561 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A9, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AA, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AB, DD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 88, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8B, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 88, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 89, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91ADA2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8A, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 89, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8A, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AE13 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 88, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AF41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 89, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8A, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8B, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4312] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, F0, C3, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4312] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 44, 17, 00] {SUB [EDI+EDX+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 47, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 44, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 45, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED5E .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 46, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 45, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 46, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EDCF .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 44, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEFD .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 45, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 46, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 47, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5272] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe[5324] kernel32.dll!CreateRemoteThread + 174 7C810670 4 Bytes JMP 71AF0000 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 98, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9B, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 98, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 99, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9145B2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9A, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 99, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9A, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914623 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 98, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914751 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 99, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9A, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9B, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5888] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\WINDOWS\Explorer.EXE[2000] @ C:\WINDOWS\Explorer.EXE [USER32.dll!MoveWindow] [10001880] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll IAT C:\WINDOWS\Explorer.EXE[2000] @ C:\WINDOWS\Explorer.EXE [USER32.dll!EndPaint] [10001C80] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll IAT C:\WINDOWS\Explorer.EXE[2000] @ C:\WINDOWS\Explorer.EXE [USER32.dll!DeferWindowPos] [10001B10] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll IAT C:\WINDOWS\Explorer.EXE[2000] @ C:\WINDOWS\Explorer.EXE [USER32.dll!SetWindowPos] [100019D0] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\Tcpip \Device\Ip iSafeNetFilter.sys AttachedDevice \Driver\Tcpip \Device\Tcp iSafeNetFilter.sys AttachedDevice \Driver\Tcpip \Device\Udp iSafeNetFilter.sys AttachedDevice \Driver\Tcpip \Device\RawIp iSafeNetFilter.sys ---- EOF - GMER 2.2 ----