GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-05 20:04:32
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: iksvnov8.exe; Driver: C:\Users\Anna\AppData\Local\Temp\aftcqaog.sys

---- Kernel code sections - GMER 2.0 ----

.text   ntoskrnl.exe!ZwRollbackTransaction + 13E9   83443899 1 Byte  [06]
.text   ntoskrnl.exe!KiDispatchInterrupt + 5A2   83463312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.sptd1  C:\windows\System32\Drivers\sptd.sys   entry point in ".sptd1" section [0x8BF1F346]
.text   USBPORT.SYS!DllUnload   95EC5D18 5 Bytes  JMP 867CC1D8

---- User code sections - GMER 2.0 ----

.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtCreateFile + 6   77CE46B6 4 Bytes  [28, 98, 8E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtCreateFile + B   77CE46BB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtMapViewOfSection + 6   77CE4D16 4 Bytes  [28, 9B, 8E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtMapViewOfSection + B   77CE4D1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenFile + 6   77CE4DC6 4 Bytes  [68, 98, 8E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenFile + B   77CE4DCB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcess + 6   77CE4E76 4 Bytes  [A8, 99, 8E, 00] {TEST AL, 0x99; MOV ES, [EAX]}
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcess + B   77CE4E7B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcessToken + B   77CE4E8B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcessTokenEx + 6   77CE4E96 4 Bytes  [A8, 9A, 8E, 00] {TEST AL, 0x9a; MOV ES, [EAX]}
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcessTokenEx + B   77CE4E9B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThread + 6   77CE4EF6 4 Bytes  [68, 99, 8E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThread + B   77CE4EFB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThreadToken + 6   77CE4F06 4 Bytes  [68, 9A, 8E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThreadToken + B   77CE4F0B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThreadTokenEx + B   77CE4F1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtQueryAttributesFile + 6   77CE5026 4 Bytes  [A8, 98, 8E, 00] {TEST AL, 0x98; MOV ES, [EAX]}
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtQueryAttributesFile + B   77CE502B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtQueryFullAttributesFile + B   77CE50DB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationFile + 6   77CE5726 4 Bytes  [28, 99, 8E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationFile + B   77CE572B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationThread + 6   77CE5786 4 Bytes  [28, 9A, 8E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationThread + B   77CE578B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtUnmapViewOfSection + 6   77CE5AA6 4 Bytes  [68, 9B, 8E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtUnmapViewOfSection + B   77CE5AAB 1 Byte  [E2]
ÒuÛŠëÔÿÿÿÿcsrss.exentry point in "ÒuÛŠëÔÿÿÿÿcsrss.exentry point in "" section [0x0042E238]   C:\Users\Anna\AppData\Local\csrss.exe[2116] C:\Users\Anna\AppData\Local\csrss.exe   entry point in "ÒuÛŠëÔÿÿÿÿcsrss.exentry point in "" section [0x0042E238]
ÒuÛŠëÔÿÿÿÿcsrss.exunknown last code section [0x00424000, 0x19000, 0xC00000E0]   C:\Users\Anna\AppData\Local\csrss.exe[2116] C:\Users\Anna\AppData\Local\csrss.exe   unknown last code section [0x00424000, 0x19000, 0xC00000E0]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtCreateFile + 6   77CE46B6 4 Bytes  [28, 30, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtCreateFile + B   77CE46BB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtMapViewOfSection + 6   77CE4D16 4 Bytes  [28, 33, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtMapViewOfSection + B   77CE4D1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenFile + 6   77CE4DC6 4 Bytes  [68, 30, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenFile + B   77CE4DCB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenProcess + 6   77CE4E76 4 Bytes  [A8, 31, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenProcess + B   77CE4E7B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenProcessToken + B   77CE4E8B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenProcessTokenEx + 6   77CE4E96 4 Bytes  [A8, 32, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenProcessTokenEx + B   77CE4E9B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenThread + 6   77CE4EF6 4 Bytes  [68, 31, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenThread + B   77CE4EFB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenThreadToken + 6   77CE4F06 4 Bytes  [68, 32, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenThreadToken + B   77CE4F0B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtOpenThreadTokenEx + B   77CE4F1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtQueryAttributesFile + 6   77CE5026 4 Bytes  [A8, 30, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtQueryAttributesFile + B   77CE502B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtQueryFullAttributesFile + B   77CE50DB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtSetInformationFile + 6   77CE5726 4 Bytes  [28, 31, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtSetInformationFile + B   77CE572B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtSetInformationThread + 6   77CE5786 4 Bytes  [28, 32, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtSetInformationThread + B   77CE578B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtUnmapViewOfSection + 6   77CE5AA6 4 Bytes  [68, 33, 1E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2160] ntdll.dll!NtUnmapViewOfSection + B   77CE5AAB 1 Byte  [E2]
ÒuÛŠëÔÿÿÿÿservicesentry point in "ÒuÛŠëÔÿÿÿÿservicesentry point in "" section [0x0042E238]   C:\Users\Anna\AppData\Local\services.exe[2164] C:\Users\Anna\AppData\Local\services.exe   entry point in "ÒuÛŠëÔÿÿÿÿservicesentry point in "" section [0x0042E238]
ÒuÛŠëÔÿÿÿÿservicesunknown last code section [0x00424000, 0x19000, 0xC00000E0]   C:\Users\Anna\AppData\Local\services.exe[2164] C:\Users\Anna\AppData\Local\services.exe   unknown last code section [0x00424000, 0x19000, 0xC00000E0]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtCreateFile + 6   77CE46B6 4 Bytes  [28, 3C, D0, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtCreateFile + B   77CE46BB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + 6   77CE4D16 4 Bytes  [28, 3F, D0, 00] {SUB [EDI], BH; ROL BYTE [EAX], 0x1}
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + B   77CE4D1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenFile + 6   77CE4DC6 4 Bytes  [68, 3C, D0, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenFile + B   77CE4DCB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcess + 6   77CE4E76 4 Bytes  [A8, 3D, D0, 00] {TEST AL, 0x3d; ROL BYTE [EAX], 0x1}
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcess + B   77CE4E7B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + B   77CE4E8B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessTokenEx + 6   77CE4E96 4 Bytes  [A8, 3E, D0, 00] {TEST AL, 0x3e; ROL BYTE [EAX], 0x1}
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessTokenEx + B   77CE4E9B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThread + 6   77CE4EF6 4 Bytes  [68, 3D, D0, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThread + B   77CE4EFB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadToken + 6   77CE4F06 4 Bytes  [68, 3E, D0, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadToken + B   77CE4F0B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadTokenEx + B   77CE4F1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryAttributesFile + 6   77CE5026 4 Bytes  [A8, 3C, D0, 00] {TEST AL, 0x3c; ROL BYTE [EAX], 0x1}
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryAttributesFile + B   77CE502B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryFullAttributesFile + B   77CE50DB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationFile + 6   77CE5726 4 Bytes  [28, 3D, D0, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationFile + B   77CE572B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationThread + 6   77CE5786 4 Bytes  [28, 3E, D0, 00] {SUB [ESI], BH; ROL BYTE [EAX], 0x1}
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationThread + B   77CE578B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + 6   77CE5AA6 4 Bytes  [68, 3F, D0, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + B   77CE5AAB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtCreateFile + 6   77CE46B6 4 Bytes  [28, 94, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtCreateFile + B   77CE46BB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtMapViewOfSection + 6   77CE4D16 4 Bytes  [28, 97, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtMapViewOfSection + B   77CE4D1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenFile + 6   77CE4DC6 4 Bytes  [68, 94, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenFile + B   77CE4DCB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenProcess + 6   77CE4E76 4 Bytes  [A8, 95, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenProcess + B   77CE4E7B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenProcessToken + B   77CE4E8B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenProcessTokenEx + 6   77CE4E96 4 Bytes  [A8, 96, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenProcessTokenEx + B   77CE4E9B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenThread + 6   77CE4EF6 4 Bytes  [68, 95, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenThread + B   77CE4EFB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenThreadToken + 6   77CE4F06 4 Bytes  [68, 96, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenThreadToken + B   77CE4F0B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtOpenThreadTokenEx + B   77CE4F1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtQueryAttributesFile + 6   77CE5026 4 Bytes  [A8, 94, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtQueryAttributesFile + B   77CE502B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtQueryFullAttributesFile + B   77CE50DB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtSetInformationFile + 6   77CE5726 4 Bytes  [28, 95, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtSetInformationFile + B   77CE572B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtSetInformationThread + 6   77CE5786 4 Bytes  [28, 96, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtSetInformationThread + B   77CE578B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtUnmapViewOfSection + 6   77CE5AA6 4 Bytes  [68, 97, EE, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2272] ntdll.dll!NtUnmapViewOfSection + B   77CE5AAB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtCreateFile + 6   77CE46B6 4 Bytes  [28, AC, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtCreateFile + B   77CE46BB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtMapViewOfSection + 6   77CE4D16 4 Bytes  [28, AF, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtMapViewOfSection + B   77CE4D1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenFile + 6   77CE4DC6 4 Bytes  [68, AC, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenFile + B   77CE4DCB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcess + 6   77CE4E76 4 Bytes  [A8, AD, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcess + B   77CE4E7B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcessToken + B   77CE4E8B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcessTokenEx + 6   77CE4E96 4 Bytes  [A8, AE, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcessTokenEx + B   77CE4E9B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThread + 6   77CE4EF6 4 Bytes  [68, AD, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThread + B   77CE4EFB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThreadToken + 6   77CE4F06 4 Bytes  [68, AE, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThreadToken + B   77CE4F0B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThreadTokenEx + B   77CE4F1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtQueryAttributesFile + 6   77CE5026 4 Bytes  [A8, AC, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtQueryAttributesFile + B   77CE502B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtQueryFullAttributesFile + B   77CE50DB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtSetInformationFile + 6   77CE5726 4 Bytes  [28, AD, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtSetInformationFile + B   77CE572B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtSetInformationThread + 6   77CE5786 4 Bytes  [28, AE, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtSetInformationThread + B   77CE578B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtUnmapViewOfSection + 6   77CE5AA6 4 Bytes  [68, AF, 9E, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtUnmapViewOfSection + B   77CE5AAB 1 Byte  [E2]
.text   C:\Program Files\Pando Networks\Media Booster\PMB.exe[3684] kernel32.dll!SetUnhandledExceptionFilter   76213122 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtCreateFile + 6   77CE46B6 4 Bytes  [28, 50, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtCreateFile + B   77CE46BB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtMapViewOfSection + 6   77CE4D16 4 Bytes  [28, 53, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtMapViewOfSection + B   77CE4D1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenFile + 6   77CE4DC6 4 Bytes  [68, 50, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenFile + B   77CE4DCB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcess + 6   77CE4E76 4 Bytes  [A8, 51, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcess + B   77CE4E7B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessToken + B   77CE4E8B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessTokenEx + 6   77CE4E96 4 Bytes  [A8, 52, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessTokenEx + B   77CE4E9B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThread + 6   77CE4EF6 4 Bytes  [68, 51, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThread + B   77CE4EFB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadToken + 6   77CE4F06 4 Bytes  [68, 52, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadToken + B   77CE4F0B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadTokenEx + B   77CE4F1B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryAttributesFile + 6   77CE5026 4 Bytes  [A8, 50, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryAttributesFile + B   77CE502B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryFullAttributesFile + B   77CE50DB 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationFile + 6   77CE5726 4 Bytes  [28, 51, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationFile + B   77CE572B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationThread + 6   77CE5786 4 Bytes  [28, 52, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationThread + B   77CE578B 1 Byte  [E2]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtUnmapViewOfSection + 6   77CE5AA6 4 Bytes  [68, 53, C2, 00]
.text   C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtUnmapViewOfSection + B   77CE5AAB 1 Byte  [E2]
ÒuÛŠëÔÿÿÿÿwinlogonentry point in "ÒuÛŠëÔÿÿÿÿwinlogonentry point in "" section [0x0042E238]   C:\Users\Anna\AppData\Local\winlogon.exe[3824] C:\Users\Anna\AppData\Local\winlogon.exe   entry point in "ÒuÛŠëÔÿÿÿÿwinlogonentry point in "" section [0x0042E238]
ÒuÛŠëÔÿÿÿÿwinlogonunknown last code section [0x00424000, 0x19000, 0xC00000E0]   C:\Users\Anna\AppData\Local\winlogon.exe[3824] C:\Users\Anna\AppData\Local\winlogon.exe   unknown last code section [0x00424000, 0x19000, 0xC00000E0]

---- Kernel IAT/EAT - GMER 2.0 ----

IAT   \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]   [8BE24730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT   \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]   [8BE24F12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT   \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong]   [8BE25232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT   \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]   [8BE250F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT   \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]   [8BE24914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- Threads - GMER 2.0 ----

Thread   System [4:1936]   AFC4FF2E

---- EOF - GMER 2.0 ----