GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-12 23:31:19
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 149,05GB
Running: 8vi2o05o.exe; Driver: C:\DOCUME~1\pip\USTAWI~1\Temp\pxtdapow.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAddBootEntry [0xB875CAA0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAssignProcessToJobObject [0xB875D57E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwClose [0xB87A185D]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEvent [0xB87695C8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEventPair [0xB8769614]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateIoCompletion [0xB87697AE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateKey [0xB87A1211]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateMutant [0xB8769536]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSection [0xB8769658]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSemaphore [0xB876957E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateThread [0xB875DAB4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateTimer [0xB8769768]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDebugActiveProcess [0xB875E36C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteBootEntry [0xB875CB06]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteKey [0xB87A1F23]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteValueKey [0xB87A21D9]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDuplicateObject [0xB8761B40]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateKey [0xB87A1D8E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateValueKey [0xB87A1BF9]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwLoadDriver [0xB875C6F2]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwMapViewOfSection [0xB89D27B2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwModifyBootEntry [0xB875CB6C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeKey [0xB8761F36]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeMultipleKeys [0xB875EE54]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEvent [0xB87695F2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEventPair [0xB8769636]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenIoCompletion [0xB87697D2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenKey [0xB87A156D]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenMutant [0xB876955C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenProcess [0xB876143A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSection [0xB87696E6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSemaphore [0xB87695A6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenThread [0xB8761822]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenTimer [0xB876978C]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwProtectVirtualMemory [0xB89D2556]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryKey [0xB87A1A74]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryObject [0xB875ECC8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryValueKey [0xB87A18C6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueueApcThread [0xB875E81E]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwRenameKey [0xB89E0526]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwRestoreKey [0xB87A0857]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0xB875CBD2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootOptions [0xB875CC38]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetContextThread [0xB875E1E6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemInformation [0xB875C78C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemPowerState [0xB875C95E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetValueKey [0xB87A202A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwShutdownSystem [0xB875C8EC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendProcess [0xB875E536]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendThread [0xB875E698]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSystemDebugControl [0xB875C9E6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateProcess [0xB875E024]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateThread [0xB875E1C6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwVdmControl [0xB875CC9E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xB875D5DA]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 26F4  80501F50 4 Bytes  CALL 9024D7CA
.text  ntkrnlpa.exe!ZwCallbackReturn + 2818  80502074 12 Bytes  [36, E5, 75, B8, 98, E6, 75, ...] {IN EAX, 0x75; MOV EAX, 0xb875e698; OUT 0xc9, AL; JNZ 0xffffffc4}
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC  8059BA02 4 Bytes  CALL B875F501 \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[108]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[108]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[208]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[208]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\VTTimer.exe[428]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\VTTimer.exe[428]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\S3trayp.exe[524]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\S3trayp.exe[524]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\System32\smss.exe[588]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\FixCamera.exe[604]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\FixCamera.exe[604]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\tsnp325.exe[620]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\tsnp325.exe[620]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Alwil Software\Avast5\AvastUI.exe[636]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Alwil Software\Avast5\AvastUI.exe[636]  kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\Alwil Software\Avast5\AvastUI.exe[636]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\vsnp325.exe[648]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\vsnp325.exe[648]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\csrss.exe[652]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\csrss.exe[652]  KERNEL32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\winlogon.exe[676]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\winlogon.exe[676]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\services.exe[720]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\services.exe[720]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[732]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[732]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\vsnpstd3.exe[888]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\vsnpstd3.exe[888]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[924]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[924]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\tsnpstd3.exe[952]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\tsnpstd3.exe[952]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Samsung\Kies\Kies.exe[992]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Samsung\Kies\Kies.exe[992]  KERNEL32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1020]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1020]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1060]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1060]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[1084]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[1084]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Java\jre7\bin\jqs.exe[1100]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Java\jre7\bin\jqs.exe[1100]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\ctfmon.exe[1184]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\ctfmon.exe[1184]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1204]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1204]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1272]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1272]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1412]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1412]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1452]  ntdll.dll!DbgBreakPoint  7C90120E 1 Byte  [C3]
.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1452]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1452]  ntdll.dll!DbgUiRemoteBreakin  7C9520EC 5 Bytes  JMP 7C9225C8 C:\WINDOWS\system32\ntdll.dll
.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1452]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\Explorer.EXE[1588]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\Explorer.EXE[1588]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1604]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1604]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1680]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1680]  kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1680]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\spoolsv.exe[1848]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\spoolsv.exe[1848]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\wmiapsrv.exe[2488]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\wmiapsrv.exe[2488]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\System32\alg.exe[2636]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\System32\alg.exe[2636]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Documents and Settings\pip\Moje dokumenty\8vi2o05o.exe[2860]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Documents and Settings\pip\Moje dokumenty\8vi2o05o.exe[2860]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 40, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, 43, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, 40, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, 41, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B91985A
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, 42, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, 41, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, 42, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B9198CB
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, 40, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B9199F9
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, 41, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, 42, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, 43, C2, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, F4, 78, 00] {SUB AH, DH; JS 0x4}
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, F7, 78, 00] {SUB BH, DH; JS 0x4}
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, F4, 78, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, F5, 78, 00] {TEST AL, 0xf5; JS 0x4}
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B914F0E
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, F6, 78, 00] {TEST AL, 0xf6; JS 0x4}
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, F5, 78, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, F6, 78, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B914F7F
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, F4, 78, 00] {TEST AL, 0xf4; JS 0x4}
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B9150AD
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, F5, 78, 00] {SUB CH, DH; JS 0x4}
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, F6, 78, 00] {SUB DH, DH; JS 0x4}
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, F7, 78, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3588]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  CALL 5F8FD164
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, EB, AB, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  CALL 5F8FD654
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  JMP 5F8FD6B4
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B918202
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  JMP E2FF00AB
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  JMP 5F8FD714
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  JMP E2FF00AB
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B918273
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  CALL 5F8FD7C4
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B9183A1
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  JMP 5F8FDD14
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  JMP E2FF00AB
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, EB, AB, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3604]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\System32\svchost.exe[3712]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\System32\svchost.exe[3712]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 40, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, 43, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, 40, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, 41, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B91C95A
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, 42, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, 41, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, 42, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B91C9CB
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, 40, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91CAF9
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, 41, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, 42, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, 43, F3, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3768]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, AC, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, AF, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, AC, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, AD, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B9125C6
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, AE, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, AD, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, AE, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B912637
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, AC, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B912765
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, AD, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, AE, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, AF, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[4072]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  003D0002
IAT  C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]  003D0000

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip  aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  aswTdi.sys

---- EOF - GMER 2.1 ----
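The log above is raw GMER output, and the first pass an analyst makes over it is mechanical: group the SSDT hooks by the driver that owns them, split the user-mode inline patches into ones present in every process and ones confined to a few PIDs, and pull out the kernel patches whose target GMER could not attribute to a module. The Python script below is an added example written for this page; it is not GMER's code and not from the original poster. Its sample lines are copied from the log above, except for one SSDT entry naming a made-up `hypothetical.sys`, which is constructed so the allow-list check has something to flag, and the `AVAST_DRIVERS` allow-list is an analyst assumption, not something the log proves.

```python
"""Triage helper for GMER 2.1 text logs (added example; not GMER's code)."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>\S+)\s+(?P<syscall>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
# Inline-patch lines. The "path.exe[pid]" part is present only for user-mode entries.
PATCH_RE = re.compile(
    r"^(?P<sect>\.text|PAGE)\s+(?:(?P<proc>.+?\.[eE][xX][eE])\[(?P<pid>\d+)\]\s+)?"
    r"(?P<sym>\S+!\w+(?: \+ [0-9A-Fa-f]+)?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<size>\d+) Bytes?\s+(?P<patch>.+?)\s*$"
)
IAT_RE = re.compile(r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\] @ \S+ \[(?P<imp>[^\]]+)\]\s+(?P<value>[0-9A-Fa-f]+)")
DEVICE_RE = re.compile(r"^AttachedDevice\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+(?P<attached>\S+)")
PARSERS = (("ssdt", SSDT_RE), ("patch", PATCH_RE), ("iat", IAT_RE), ("device", DEVICE_RE))

# Assumption: file names of the Avast drivers that appear in this log. Being on the list only
# means "expected here"; it does not verify that the file on disk is the vendor's binary.
AVAST_DRIVERS = {"aswsnx.sys", "aswsp.sys", "aswtdi.sys"}


def parse_gmer(text):
    """Return {kind: [record, ...]}; lines no parser understands land under 'unparsed'."""
    records = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        for kind, rx in PARSERS:
            m = rx.match(line)
            if m:
                records[kind].append({"kind": kind, "section": section, **m.groupdict()})
                break
        else:
            records["unparsed"].append(line)
    return records


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def _norm_sym(sym):
    # GMER prints the module as the process imported it (kernel32.dll vs KERNEL32.dll).
    mod, _, rest = sym.partition("!")
    return mod.lower() + "!" + rest


def ssdt_owners(records):
    """Driver file name -> sorted list of the syscalls it hooks in the SSDT."""
    owners = defaultdict(list)
    for r in records["ssdt"]:
        owners[_basename(r["driver"])].append(r["syscall"])
    return {d: sorted(s) for d, s in owners.items()}


def patch_scope(records):
    """(symbol, patch) -> 'all-processes', or the sorted PIDs that carry it.

    A patch in every scanned process is a system-wide hook (AV/HIPS, or something injected
    everywhere); one confined to a few PIDs belongs to that application and must be matched
    against what the application is known to do (Chrome's sandbox patches ntdll Nt* stubs)."""
    pids = {r["pid"] for r in records["patch"] if r["pid"]}
    groups = defaultdict(set)
    for r in records["patch"]:
        if r["pid"]:
            groups[(_norm_sym(r["sym"]), r["patch"])].add(r["pid"])
    return {k: "all-processes" if v == pids else sorted(v, key=int) for k, v in groups.items()}


def unattributed_kernel_patches(records):
    """Kernel-side CALL/JMP patches whose target GMER did not map to a loaded module.

    An attributed entry ends with the owning driver's path (e.g. 'CALL B875F501 \\SystemRoot
    \\system32\\drivers\\aswSnx.sys'); a bare 'CALL xxxxxxxx' does not."""
    return [(r["sym"], r["addr"], r["patch"]) for r in records["patch"]
            if r["pid"] is None and re.fullmatch(r"(CALL|JMP) [0-9A-Fa-f]{8}", r["patch"])]


def hooks_outside_allowlist(records, allowed):
    """SSDT hooks and attached devices owned by a driver not in `allowed` (lower-case names)."""
    flagged = [("SSDT", r["syscall"], _basename(r["driver"]))
               for r in records["ssdt"] if _basename(r["driver"]).lower() not in allowed]
    flagged += [("AttachedDevice", r["device"], r["attached"])
                for r in records["device"] if r["attached"].lower() not in allowed]
    return flagged


# Constructed sample: lines copied from the log on this page, plus one SSDT entry for a
# made-up "hypothetical.sys" (not in the log) so the allow-list check has something to flag.
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenProcess [0xB876143A]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwMapViewOfSection [0xB89D27B2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xB875D5DA]
SSDT  \??\C:\WINDOWS\system32\drivers\hypothetical.sys  ZwQueryDirectoryFile [0xF7A10000]
---- Kernel code sections - GMER 2.1 ----
.text  ntkrnlpa.exe!ZwCallbackReturn + 26F4  80501F50 4 Bytes  CALL 9024D7CA
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC  8059BA02 4 Bytes  CALL B875F501 \SystemRoot\system32\drivers\aswSnx.sys
---- User code sections - GMER 2.1 ----
.text  C:\WINDOWS\system32\svchost.exe[208]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[208]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\csrss.exe[652]  KERNEL32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\old_chrome.exe[3484]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, 41, C2, 00]
---- Devices - GMER 2.1 ----
AttachedDevice  \Driver\Tcpip \Device\Tcp  aswTdi.sys
"""

if __name__ == "__main__":
    recs = parse_gmer(SAMPLE_LOG)
    for title, fn in (("SSDT owners", ssdt_owners), ("patch scope", patch_scope),
                      ("unattributed kernel patches", unattributed_kernel_patches)):
        print(title + ":", fn(recs))
    print("outside allow-list:", hooks_outside_allowlist(recs, AVAST_DRIVERS))
```

Fed the full log above instead of the sample, the same functions report what a reader can check by eye: every SSDT entry is owned by aswSnx.sys or aswSP.sys and all four attached devices by aswTdi.sys; the 1-byte [62] patch at ntdll.dll!RtlDosSearchPath_U + 186 appears in every listed process, the matching one at kernel32.dll!GetBinaryTypeW + 80 in every process except smss.exe[588], which lists no kernel32 entry; the SetUnhandledExceptionFilter patch is confined to AvastUI.exe and AvastSvc.exe, the DbgBreakPoint/DbgUiRemoteBreakin patches to KiesPDLR.exe, and the ntdll Nt* prologue patches to the old_chrome.exe PIDs. The single item the script leaves unattributed is the CALL 9024D7CA at ntkrnlpa.exe!ZwCallbackReturn + 26F4, which is the entry to chase next against a loaded-module list; the 12-byte entry at ZwCallbackReturn + 2818 is not a CALL/JMP, and its bytes read little-endian as B875E536 and B875E698, the aswSnx.sys addresses the SSDT section gives for ZwSuspendProcess and ZwSuspendThread, which is what pointer data rather than executable code looks like in GMER's disassembly. None of this verifies the drivers themselves: a file named aswSnx.sys that is on the allow-list still needs its signature or hash checked on disk.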