GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-01-12 08:03:08 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD321KJ rev.CP100-12 298,09GB Running: m758nexi.exe; Driver: C:\DOCUME~1\WACICI~1.010\USTAWI~1\Temp\awddypoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAC3E1BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAC3E2684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xAC426D80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xAC3EE6F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAC3EE744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAC3EE8DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xAC426734] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xAC3EE666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xAC3EE788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAC3EE6AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xAC3E2BBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xAC3EE898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAC3E3472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAC3E1C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xAC427446] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAC4276FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAC3E6C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAC4272B1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAC42711C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xAC3E17F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xAC6F7E28] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAC3E1C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAC3E705E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAC3E3F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xAC3EE722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAC3EE766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAC3EE902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xAC426A90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xAC3EE68C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xAC3E6560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xAC3EE816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAC3EE6D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xAC3E694C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xAC3EE8BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xAC6F7BCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xAC426F97] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xAC3E3DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAC426DE9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAC3E3924] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xAC705D88] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xAC425D77] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAC3E1CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAC3E1D3E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xAC3E32EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAC3E1892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAC3E1A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xAC42754D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAC3E19F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAC3E363C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xAC3E379E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAC3E1AEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAC3E312A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xAC3E32CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xAC3E1DA4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAC3E26E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D20 80504608 4 Bytes CALL D6E4F24B .text ntkrnlpa.exe!ZwCallbackReturn + 2E5C 80504744 4 Bytes JMP D86AF387 .text ntkrnlpa.exe!ZwCallbackReturn + 2E7C 80504764 8 Bytes [16, E8, 3E, AC, D6, E6, 3E, ...] {PUSH SS; CALL 0xe6d6ac44; LODSB } .text ntkrnlpa.exe!ZwCallbackReturn + 2E94 8050477C 4 Bytes CALL DEF4F3BF .text ntkrnlpa.exe!ZwCallbackReturn + 2F4C 80504834 4 Bytes [E9, 6D, 42, AC] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL AC3E462B \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB928F000, 0x188AF6, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[160] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[176] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[328] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[460] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe[484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe[484] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Browny02\Brother\BrStMonW.exe[580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Browny02\Brother\BrStMonW.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text D:\Wszystko Z Dysku ' C '\Winamp\winampa.exe[592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Wszystko Z Dysku ' C '\Winamp\winampa.exe[592] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[700] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\services.exe[776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\ControlCenter4\BrCtrlCntr.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ControlCenter4\BrCtrlCntr.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Moje dokumenty\Downloads\m758nexi.exe[912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Moje dokumenty\Downloads\m758nexi.exe[912] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AB, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A8, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9125C2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AA, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A9, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AA, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912633 .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A8, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912761 .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A9, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AA, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AB, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 008C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[936] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 88, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8B, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 88, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 89, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9198A2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8A, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 89, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8A, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919913 .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 88, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B919A41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 89, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8A, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8B, C2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 010003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1116] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1432] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\PSIService.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\PSIService.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\taskmgr.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\taskmgr.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1708] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[2064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[2064] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[2084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[2084] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2152] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 00, C3, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2192] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\ControlCenter4\BrCcUxSys.exe[2216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ControlCenter4\BrCcUxSys.exe[2216] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AB, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A8, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, 08, 01] {TEST AL, 0xa9; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DEC2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AA, 08, 01] {TEST AL, 0xaa; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A9, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AA, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DF33 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A8, 08, 01] {TEST AL, 0xa8; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91E061 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A9, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AA, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AB, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 014601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 014603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 18, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1B, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 18, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 19, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917C32 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1A, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 19, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1A, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917CA3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 18, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917DD1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 19, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1A, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1B, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00E403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2516] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2916] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Browny02\BrYNSvc.exe[3092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Browny02\BrYNSvc.exe[3092] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3292] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D3, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912CEA .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912D5B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912E89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D3, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 1C, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1F, 30, 00] {SUB [EDI], BL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 1C, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 1D, 30, 00] {TEST AL, 0x1d; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910636 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1E, 30, 00] {TEST AL, 0x1e; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 1D, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1E, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9106A7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 1C, 30, 00] {TEST AL, 0x1c; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9107D5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 1D, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1E, 30, 00] {SUB [ESI], BL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1F, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3596] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F8, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, FB, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F8, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F9, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CF12 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, FA, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F9, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, FA, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CF83 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F8, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D0B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F9, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, FA, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, FB, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 013603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3792] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3876] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[3968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[3968] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\afwServ.exe[3968] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[776] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[776] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Ip {3de9eb9c-a833-42cb-b66f-841b954aebef}t.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp {3de9eb9c-a833-42cb-b66f-841b954aebef}t.sys AttachedDevice \Driver\Tcpip \Device\Udp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp {3de9eb9c-a833-42cb-b66f-841b954aebef}t.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp {3de9eb9c-a833-42cb-b66f-841b954aebef}t.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- EOF - GMER 2.1 ----