GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-20 14:39:46
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 Hitachi_HTS722012K9A300 rev.DCCOC7AA 111,79GB
Running: l14pf88f.exe; Driver: C:\DOCUME~1\hp\USTAWI~1\Temp\pflyipoc.sys


---- System - GMER 2.1 ----

Code BA75B47C ZwRequestPort
Code BA75B51C ZwRequestWaitReplyPort
Code BA75B47B NtRequestPort
Code BA75B51B NtRequestWaitReplyPort

---- Kernel code sections - GMER 2.1 ----

PAGE ntkrnlpa.exe!NtRequestPort 805A2A7E 5 Bytes JMP BA75B480
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2DAA 5 Bytes JMP BA75B520
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D64380, 0x37E8DD, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 014755E8 C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[612] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01FAE5F0 C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[612] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01FAE638 C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[612] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 0148572C C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[612] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01FAE65F C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 38, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 3B, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 38, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 39, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915952
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 3A, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 39, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 3A, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9159C3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 38, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915AF1
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 39, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 3A, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 3B, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 14, EB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 17, EB, 00] {SUB [EDI], DL; JMP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 14, EB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 15, EB, 00] {TEST AL, 0x15; JMP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C12E
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 16, EB, 00] {TEST AL, 0x16; JMP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 15, EB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 16, EB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C19F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 14, EB, 00] {TEST AL, 0x14; JMP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C2CD
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 15, EB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 16, EB, 00] {SUB [ESI], DL; JMP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 17, EB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 88, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8B, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 88, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 89, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9134A2
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8A, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 89, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8A, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913513
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 88, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913641
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 89, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8A, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8B, 5E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 10, C4, 01] {SBB [EAX], DL; LES EAX, [ECX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2200] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 108C1A04 C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2200] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 108C1A75 C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2200] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 108C56B2 C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2200] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 108BF029 C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 1C, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1F, B6, 00] {SUB [EDI], BL; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 1C, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 1D, B6, 00] {TEST AL, 0x1d; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918C36
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1E, B6, 00] {TEST AL, 0x1e; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 1D, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1E, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918CA7
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 1C, B6, 00] {TEST AL, 0x1c; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918DD5
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 1D, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1E, B6, 00] {SUB [ESI], BL; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1F, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, E0, D3, 00] {SUB AL, AH; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, E3, D3, 00] {SUB BL, AH; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, E0, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, E1, D3, 00] {TEST AL, 0xe1; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A9FA
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, E2, D3, 00] {TEST AL, 0xe2; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, E1, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, E2, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AA6B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, E0, D3, 00] {TEST AL, 0xe0; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AB99
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, E1, D3, 00] {SUB CL, AH; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, E2, D3, 00] {SUB DL, AH; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, E3, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 5C, 17, 00] {SUB [EDI+EDX+0x0], BL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 5F, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 5C, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 5D, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED76
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5E, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 5D, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5E, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EDE7
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 5C, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EF15
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 5D, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5E, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5F, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symlink.sys
AttachedDevice \Driver\Tcpip \Device\Ip nethfdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp nethfdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp nethfdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp nethfdrv.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 87067
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x66 0x5B 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x19 0x2D 0x2B 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0x36 0xFF 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x78 0xE5 0x83 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x17 0x53 0x86 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x73 0xA6 0xC0 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2EF15997-C70A-4A92-A736-785C3F648CB5}@DhcpRetryTime 291
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x66 0x5B 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x19 0x2D 0x2B 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0x36 0xFF 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x78 0xE5 0x83 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x17 0x53 0x86 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x73 0xA6 0xC0 0xF7 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0
Reg HKLM\SOFTWARE\Classes\CLSID\{14fa5400-ef4d-4493-a3f6-dbe2e175839d}@Model 353
Reg HKLM\SOFTWARE\Classes\CLSID\{14fa5400-ef4d-4493-a3f6-dbe2e175839d}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{14fa5400-ef4d-4493-a3f6-dbe2e175839d}@MData 0x2B 0x8F 0x78 0x29 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x4F 0xCE 0xC6 0x7E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DFE9AF0C-243F-03F6-092A-F1F97D19EA02}

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
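A log like the one above is mostly noise from one source: every chrome.exe process carries the same two-part patch on a dozen ntdll syscall stubs (4 bytes at +6, one byte E2 at +B), which collapses to "N hooks per process" once grouped, while the entries that actually need attribution (the inline JMPs in ntkrnlpa.exe, the unnamed Code regions, the filter drivers attached to Ntfs and Tcpip, the "unknown MBR code" verdict) are only a handful of lines. The script below is an added example, not GMER's code and not something the poster ran: it parses the GMER 2.1 line formats seen in this log, groups user-mode hooks per process, and sorts entries into buckets. Its triage rules are assumptions the analyst must confirm, in particular the SELF_PATCHING allow-list (that chrome.exe's own sandbox is what patches ntdll stubs in its child processes) and the "same install directory" rule for JMP targets such as xul.dll under the GG application folder; nothing in it decides that an entry is malicious. The sample input is excerpted verbatim from the log above.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Sample input excerpted from the GMER log above (raw string: backslashes are literal).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 2.1 ----

PAGE ntkrnlpa.exe!NtRequestPort 805A2A7E 5 Bytes JMP BA75B480
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D64380, 0x37E8DD, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 014755E8 C:\Documents and Settings\hp\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 38, 83, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[864] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915952

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symlink.sys
AttachedDevice \Driver\Tcpip \Device\Tcp nethfdrv.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# Order matters: the "section is writeable" form also starts with ".text".
PATTERNS: List[Tuple[str, re.Pattern]] = [
    ("writeable", re.compile(r"^\.text (?P<image>.+?) section is writeable \[(?P<range>.+)\]$")),
    ("user_hook", re.compile(
        r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<module>[^!\s]+)!(?P<func>\S+)"
        r"(?: \+ (?P<off>[0-9A-F]+))? (?P<addr>[0-9A-F]{8}) (?P<size>\d+) Bytes? (?P<patch>.+)$")),
    ("kernel_hook", re.compile(
        r"^(?P<sect>PAGE|\.text|INIT) (?P<image>\S+)!(?P<func>\S+) (?P<addr>[0-9A-F]{8}) "
        r"(?P<size>\d+) Bytes? (?P<patch>.+)$")),
    ("code", re.compile(r"^Code (?P<addr>[0-9A-F]{8}) (?P<symbol>\S+)$")),
    ("device", re.compile(r"^AttachedDevice (?P<driver>\S+) (?P<device>\S+) (?P<filter>\S+)$")),
    ("disk", re.compile(r"^Disk (?P<device>\S+) (?P<finding>.+)$")),
]
# "JMP 014755E8 C:\...\xul.dll" or "CALL 7B915952"; a raw byte list does not match.
TARGET_RE = re.compile(r"^(?:JMP|CALL) (?P<target>[0-9A-F]{8})(?: (?P<target_module>.+))?$")

# Assumption (analyst-supplied): processes known to patch these modules in themselves.
SELF_PATCHING: Dict[str, Set[str]] = {"chrome.exe": {"ntdll.dll"}}


@dataclass
class Entry:
    section: str
    kind: str  # writeable, user_hook, kernel_hook, code, device, disk, other
    fields: Dict[str, Optional[str]] = field(default_factory=dict)


def parse_gmer(text: str) -> List[Entry]:
    """Parse GMER log lines into typed entries; unknown lines are kept as 'other'."""
    entries, section = [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                entries.append(Entry(section, kind, m.groupdict()))
                break
        else:
            entries.append(Entry(section, "other", {"line": line}))
    return entries


def hooks_by_process(entries: List[Entry]) -> Dict[Tuple[str, int], int]:
    """Collapse the per-function noise into one count per (exe, pid)."""
    counts: Counter = Counter()
    for e in entries:
        if e.kind == "user_hook":
            counts[(ntpath.basename(e.fields["proc"]).lower(), int(e.fields["pid"]))] += 1
    return dict(counts)


def in_own_app_dir(proc_path: str, target_module: Optional[str]) -> bool:
    """Heuristic: a JMP into a DLL under the hooked process's own install dir."""
    if not target_module:
        return False
    app_dir = ntpath.dirname(proc_path).lower()
    return target_module.lower().startswith(app_dir + "\\")


def describe(e: Entry) -> str:
    f = e.fields
    if e.kind == "user_hook":
        off = f"+{f['off']}" if f.get("off") else ""
        return f"{ntpath.basename(f['proc'])}[{f['pid']}] {f['module']}!{f['func']}{off} @ {f['addr']}: {f['patch']}"
    if e.kind == "kernel_hook":
        return f"{f['image']}!{f['func']} @ {f['addr']}: {f['patch']}"
    if e.kind == "device":
        return f"{f['filter']} attached to {f['device']} (via {f['driver']})"
    if e.kind == "disk":
        return f"{f['device']}: {f['finding']}"
    if e.kind == "writeable":
        return f"{f['image']} writeable code section [{f['range']}]"
    return f.get("line") or e.kind


def triage(entries: List[Entry], self_patching=SELF_PATCHING) -> Dict[str, List[str]]:
    """expected: allow-listed self-patching; in_app: JMP into the app's own DLL;
    review: everything else, including all kernel-level findings (needs attribution)."""
    report: Dict[str, List[str]] = {"expected": [], "in_app": [], "review": []}
    for e in entries:
        f = e.fields
        if e.kind == "user_hook":
            exe = ntpath.basename(f["proc"]).lower()
            m = TARGET_RE.match(f["patch"])
            target_module = m.group("target_module") if m else None
            if f["module"].lower() in self_patching.get(exe, set()):
                report["expected"].append(describe(e))
            elif in_own_app_dir(f["proc"], target_module):
                report["in_app"].append(describe(e))
            else:
                report["review"].append(describe(e))
        elif e.kind in ("kernel_hook", "code", "device", "disk", "writeable"):
            report["review"].append(describe(e))
    return report


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    print("hooks per process:", hooks_by_process(parsed))
    for bucket, items in triage(parsed).items():
        print(f"\n[{bucket}] {len(items)}")
        for item in items:
            print("  ", item)
```

Run it over the full log (read the file instead of SAMPLE_LOG) and the "review" bucket is what is left to attribute: the two ntkrnlpa.exe inline hooks jumping to BA75B480/BA75B520 and the four Code entries in the same region, symlink.sys on \Ntfs, nethfdrv.sys on the four Tcpip devices, and the MBR verdict. For each of those the next step is outside the log: locate the driver file, check its signer and its service entry, and dump the first sector for comparison with a known bootloader; the sptd entries can be tied to DAEMON Tools from the @p0 value the log itself records.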