GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-16 00:50:57 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK2552GSX rev.LV011C 232,89GB Running: k5e0e39e.exe; Driver: C:\Users\tomek\AppData\Local\Temp\ugtdapob.sys ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82C4A839 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C6F3F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x88B95346] .text USBPORT.SYS!DllUnload 8EC4AD18 5 Bytes JMP 860DA410 ---- User code sections - GMER 2.0 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1588] kernel32.dll!SetUnhandledExceptionFilter 771A3122 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtCreateFile + 6 77F046B6 4 Bytes [28, AC, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtCreateFile + B 77F046BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtMapViewOfSection + 6 77F04D16 4 Bytes [28, AF, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtMapViewOfSection + B 77F04D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenFile + 6 77F04DC6 4 Bytes [68, AC, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenFile + B 77F04DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenProcess + 6 77F04E76 4 Bytes [A8, AD, D8, 00] {TEST AL, 0xad; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenProcess + B 77F04E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenProcessToken + 6 77F04E86 4 Bytes CALL 76F12738 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenProcessToken + B 77F04E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenProcessTokenEx + 6 77F04E96 4 Bytes [A8, AE, D8, 00] {TEST AL, 0xae; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenProcessTokenEx + B 77F04E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenThread + 6 77F04EF6 4 Bytes [68, AD, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenThread + B 77F04EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenThreadToken + 6 77F04F06 4 Bytes [68, AE, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenThreadToken + B 77F04F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenThreadTokenEx + 6 77F04F16 4 Bytes CALL 76F127C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtOpenThreadTokenEx + B 77F04F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtQueryAttributesFile + 6 77F05026 4 Bytes [A8, AC, D8, 00] {TEST AL, 0xac; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtQueryAttributesFile + B 77F0502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtQueryFullAttributesFile + 6 77F050D6 4 Bytes CALL 76F12987 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtQueryFullAttributesFile + B 77F050DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtSetInformationFile + 6 77F05726 4 Bytes [28, AD, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtSetInformationFile + B 77F0572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtSetInformationThread + 6 77F05786 4 Bytes [28, AE, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtSetInformationThread + B 77F0578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtUnmapViewOfSection + 6 77F05AA6 4 Bytes [68, AF, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1648] ntdll.dll!NtUnmapViewOfSection + B 77F05AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtCreateFile + 6 77F046B6 4 Bytes [28, 4C, D0, 00] {SUB [EAX+EDX*8+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtCreateFile + B 77F046BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtMapViewOfSection + 6 77F04D16 4 Bytes [28, 4F, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtMapViewOfSection + B 77F04D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenFile + 6 77F04DC6 4 Bytes [68, 4C, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenFile + B 77F04DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcess + 6 77F04E76 4 Bytes [A8, 4D, D0, 00] {TEST AL, 0x4d; ROL BYTE [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcess + B 77F04E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcessToken + 6 77F04E86 4 Bytes CALL 76F11ED8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcessToken + B 77F04E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcessTokenEx + 6 77F04E96 4 Bytes [A8, 4E, D0, 00] {TEST AL, 0x4e; ROL BYTE [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcessTokenEx + B 77F04E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThread + 6 77F04EF6 4 Bytes [68, 4D, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThread + B 77F04EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThreadToken + 6 77F04F06 4 Bytes [68, 4E, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThreadToken + B 77F04F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThreadTokenEx + 6 77F04F16 4 Bytes CALL 76F11F69 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThreadTokenEx + B 77F04F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtQueryAttributesFile + 6 77F05026 4 Bytes [A8, 4C, D0, 00] {TEST AL, 0x4c; ROL BYTE [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtQueryAttributesFile + B 77F0502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtQueryFullAttributesFile + 6 77F050D6 4 Bytes CALL 76F12127 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtQueryFullAttributesFile + B 77F050DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtSetInformationFile + 6 77F05726 4 Bytes [28, 4D, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtSetInformationFile + B 77F0572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtSetInformationThread + 6 77F05786 4 Bytes [28, 4E, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtSetInformationThread + B 77F0578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtUnmapViewOfSection + 6 77F05AA6 4 Bytes [68, 4F, D0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtUnmapViewOfSection + B 77F05AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtCreateFile + 6 77F046B6 4 Bytes [28, 64, 53, 00] {SUB [EBX+EDX*2+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtCreateFile + B 77F046BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtMapViewOfSection + 6 77F04D16 4 Bytes [28, 67, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtMapViewOfSection + B 77F04D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenFile + 6 77F04DC6 4 Bytes [68, 64, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenFile + B 77F04DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcess + 6 77F04E76 4 Bytes [A8, 65, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcess + B 77F04E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcessToken + 6 77F04E86 4 Bytes CALL 76F0A1F0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcessToken + B 77F04E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcessTokenEx + 6 77F04E96 4 Bytes [A8, 66, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenProcessTokenEx + B 77F04E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThread + 6 77F04EF6 4 Bytes [68, 65, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThread + B 77F04EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThreadToken + 6 77F04F06 4 Bytes [68, 66, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThreadToken + B 77F04F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThreadTokenEx + 6 77F04F16 4 Bytes CALL 76F0A281 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtOpenThreadTokenEx + B 77F04F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtQueryAttributesFile + 6 77F05026 4 Bytes [A8, 64, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtQueryAttributesFile + B 77F0502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtQueryFullAttributesFile + 6 77F050D6 4 Bytes CALL 76F0A43F .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtQueryFullAttributesFile + B 77F050DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtSetInformationFile + 6 77F05726 4 Bytes [28, 65, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtSetInformationFile + B 77F0572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtSetInformationThread + 6 77F05786 4 Bytes [28, 66, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtSetInformationThread + B 77F0578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtUnmapViewOfSection + 6 77F05AA6 4 Bytes [68, 67, 53, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtUnmapViewOfSection + B 77F05AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + 6 77F046B6 4 Bytes [28, 5C, 44, 00] {SUB [ESP+EAX*2+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + B 77F046BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + 6 77F04D16 4 Bytes [28, 5F, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + B 77F04D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + 6 77F04DC6 4 Bytes [68, 5C, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + B 77F04DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + 6 77F04E76 4 Bytes [A8, 5D, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + B 77F04E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + 6 77F04E86 4 Bytes CALL 76F092E8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + B 77F04E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + 6 77F04E96 4 Bytes [A8, 5E, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + B 77F04E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + 6 77F04EF6 4 Bytes [68, 5D, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + B 77F04EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + 6 77F04F06 4 Bytes [68, 5E, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + B 77F04F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + 6 77F04F16 4 Bytes CALL 76F09379 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + B 77F04F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + 6 77F05026 4 Bytes [A8, 5C, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + B 77F0502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + 6 77F050D6 4 Bytes CALL 76F09537 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + B 77F050DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + 6 77F05726 4 Bytes [28, 5D, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + B 77F0572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + 6 77F05786 4 Bytes [28, 5E, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + B 77F0578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + 6 77F05AA6 4 Bytes [68, 5F, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + B 77F05AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtCreateFile + 6 77F046B6 4 Bytes [28, E4, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtCreateFile + B 77F046BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtMapViewOfSection + 6 77F04D16 4 Bytes [28, E7, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtMapViewOfSection + B 77F04D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenFile + 6 77F04DC6 4 Bytes [68, E4, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenFile + B 77F04DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenProcess + 6 77F04E76 4 Bytes [A8, E5, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenProcess + B 77F04E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenProcessToken + 6 77F04E86 4 Bytes CALL 76F10F70 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenProcessToken + B 77F04E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenProcessTokenEx + 6 77F04E96 4 Bytes [A8, E6, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenProcessTokenEx + B 77F04E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenThread + 6 77F04EF6 4 Bytes [68, E5, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenThread + B 77F04EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenThreadToken + 6 77F04F06 4 Bytes [68, E6, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenThreadToken + B 77F04F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenThreadTokenEx + 6 77F04F16 4 Bytes CALL 76F11001 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtOpenThreadTokenEx + B 77F04F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtQueryAttributesFile + 6 77F05026 4 Bytes [A8, E4, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtQueryAttributesFile + B 77F0502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtQueryFullAttributesFile + 6 77F050D6 4 Bytes CALL 76F111BF .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtQueryFullAttributesFile + B 77F050DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtSetInformationFile + 6 77F05726 4 Bytes [28, E5, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtSetInformationFile + B 77F0572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtSetInformationThread + 6 77F05786 4 Bytes [28, E6, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtSetInformationThread + B 77F0578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtUnmapViewOfSection + 6 77F05AA6 4 Bytes [68, E7, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3804] ntdll.dll!NtUnmapViewOfSection + B 77F05AAB 1 Byte [E2] ---- Kernel IAT/EAT - GMER 2.0 ---- IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88A9A730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88A9AF12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [88A9B232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88A9B0F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88A9A914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ---- Files - GMER 2.0 ---- File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0007c2 17485 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0007c7 0 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000dcf 58374 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018bf 16631 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c0 20462 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c1 16479 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c2 17394 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c3 17525 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c4 17071 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c5 19372 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c6 16475 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c7 16676 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c8 17519 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c9 17555 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018cb 26321 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018cc 26037 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018cd 26037 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018ce 22370 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018cf 22370 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018d0 20971 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018d1 17588 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018d3 37759 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018d4 65731 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018d5 19011 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018d6 16940 bytes File C:\Users\tomek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018d2 19236 bytes ---- EOF - GMER 2.0 ----