GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-17 22:41:42 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST1000DM003-9YN162 rev.CC4D 931,51GB Running: oz20y0q8.exe; Driver: C:\USERS\KONDZIU\APPDATA\LOCAL\TEMP\pxliafob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1616] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076978799 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 .text C:\Users\KonDziu\AppData\Roaming\Dropbox\bin\Dropbox.exe[3136] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Users\KonDziu\AppData\Roaming\Dropbox\bin\Dropbox.exe[3136] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [1468] entry point in ".rdata" section 00000000720d71e6 .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0x73a628; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0x73a668; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0x73a5a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0x73a528; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0x73a728; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0x73a768; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0x73a6e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0x73a6a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0x73a468; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0x73a4a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0x73a428; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0x73a5e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0x73a568; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0x73a4e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0x303628; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0x303668; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0x3035a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0x303528; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0x303728; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0x303768; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0x3036e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0x3036a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0x303468; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0x3034a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0x303428; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0x3035e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0x303568; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0x3034e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0x927a28; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0x927a68; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0x9279a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0x927928; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0x927b28; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0x927b68; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0x927ae8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0x927aa8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0x927868; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0x9278a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0x927828; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0x9279e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0x927968; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0x9278e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0x1048228; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0x1048268; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0x10481a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0x1048128; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0x1048328; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0x1048368; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0x10482e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0x10482a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0x1048068; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0x10480a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0x1048028; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0x10481e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0x1048168; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0x10480e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[1656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0x104ea28; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0x104ea68; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0x104e9a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0x104e928; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0x104eb28; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0x104eb68; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0x104eae8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0x104eaa8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0x104e868; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0x104e8a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0x104e828; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0x104e9e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0x104e968; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0x104e8e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0xcbb228; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0xcbb268; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0xcbb1a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0xcbb128; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0xcbb328; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0xcbb368; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0xcbb2e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0xcbb2a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0xcbb068; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0xcbb0a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0xcbb028; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0xcbb1e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0xcbb168; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0xcbb0e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0xd82e28; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0xd82e68; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0xd82da8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0xd82d28; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0xd82f28; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0xd82f68; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0xd82ee8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0xd82ea8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0xd82c68; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0xd82ca8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0xd82c28; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0xd82de8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0xd82d68; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0xd82ce8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0x729228; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0x729268; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0x7291a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0x729128; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0x729328; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0x729368; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0x7292e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0x7292a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0x729068; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0x7290a8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0x729028; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0x7291e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0x729168; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0x7290e8; JMP RDX} .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76] .text C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76] .text ... * 2 ---- EOF - GMER 2.1 ----