GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-10-20 22:24:28 Windows 6.0.6002 Service Pack 2 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD2500YD-01NVB1 rev.10.02E01 233,76GB Running: gmer.exe; Driver: C:\Users\ace2\AppData\Local\Temp\ugldapob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90304BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90305684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x903116F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90311744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x903118DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x90311666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x90A1ADF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x903116AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x90A1B080] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x90311898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90306472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90304C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x90309C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x903047F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90A1AED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90304C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x9030A05E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90306F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x90311722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90311766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90311902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x9031168C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x90309560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x90311816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x903116D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x9030994C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x903118BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x90A1AC6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x90306DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x90306924] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90304CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90304D3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x90A1AFCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90304892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90304A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x903049F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x9030663C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x9030679E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90304AEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x90A1AD3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x903062CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x90304DA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x90A1ABA0] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x90A1B16A] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 828EB758 4 Bytes [A6, 4B, 30, 90] .text ntkrnlpa.exe!KeSetEvent + 191 828EB7DC 4 Bytes [84, 56, 30, 90] {TEST [ESI+0x30], DL; NOP } .text ntkrnlpa.exe!KeSetEvent + 1D1 828EB81C 8 Bytes [F8, 16, 31, 90, 44, 17, 31, ...] {CLC ; PUSH SS; XOR [EAX-0x6fcee8bc], EDX} .text ntkrnlpa.exe!KeSetEvent + 1DD 828EB828 4 Bytes [DE, 18, 31, 90] .text ntkrnlpa.exe!KeSetEvent + 1F5 828EB840 4 Bytes [66, 16, 31, 90] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A7900F 4 Bytes CALL 90307641 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A7CC83 4 Bytes CALL 90307657 \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\spoolsv.exe[12] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text K:\itunes\iTunesHelper.exe[200] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Softland\FBackup 5\bService.exe[284] ntdll.dll!DbgBreakPoint 7772878E 1 Byte [C3] .text C:\Program Files\Softland\FBackup 5\bService.exe[284] ntdll.dll!DbgUiRemoteBreakin 7776CD84 5 Bytes JMP 7771B1F1 C:\Windows\system32\ntdll.dll .text C:\Program Files\Softland\FBackup 5\bService.exe[284] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\system32\taskeng.exe[356] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\system32\csrss.exe[480] KERNEL32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\system32\csrss.exe[532] KERNEL32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\system32\wininit.exe[540] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtCreateFile + 6 7774426A 4 Bytes [28, 3C, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtCreateFile + B 7774426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtMapViewOfSection + 6 777449BA 4 Bytes [28, 3F, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtMapViewOfSection + B 777449BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenFile + 6 77744A4A 4 Bytes [68, 3C, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenFile + B 77744A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenProcess + 6 77744ACA 4 Bytes [A8, 3D, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenProcess + B 77744ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenProcessToken + B 77744ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenProcessTokenEx + 6 77744AEA 4 Bytes [A8, 3E, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenProcessTokenEx + B 77744AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenThread + 6 77744B3A 4 Bytes [68, 3D, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenThread + B 77744B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenThreadToken + 6 77744B4A 4 Bytes [68, 3E, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenThreadToken + B 77744B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtOpenThreadTokenEx + B 77744B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtQueryAttributesFile + 6 77744BEA 4 Bytes [A8, 3C, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtQueryAttributesFile + B 77744BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtQueryFullAttributesFile + B 77744C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtSetInformationFile + 6 7774517A 4 Bytes [28, 3D, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtSetInformationFile + B 7774517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtSetInformationThread + 6 777451CA 4 Bytes [28, 3E, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtSetInformationThread + B 777451CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtUnmapViewOfSection + 6 7774546A 4 Bytes [68, 3F, 0D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] ntdll.dll!NtUnmapViewOfSection + B 7774546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] KERNEL32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2548] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\System32\mobsync.exe[2580] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\System32\WUDFHost.exe[2648] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2664] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 00BA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 00BA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtCreateFile + 6 7774426A 4 Bytes [28, D4, B4, 00] {SUB AH, DL; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtCreateFile + B 7774426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtMapViewOfSection + 6 777449BA 4 Bytes [28, D7, B4, 00] {SUB BH, DL; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtMapViewOfSection + B 777449BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenFile + 6 77744A4A 4 Bytes [68, D4, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenFile + B 77744A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcess + 6 77744ACA 4 Bytes [A8, D5, B4, 00] {TEST AL, 0xd5; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcess + B 77744ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessToken + B 77744ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessTokenEx + 6 77744AEA 4 Bytes [A8, D6, B4, 00] {TEST AL, 0xd6; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessTokenEx + B 77744AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThread + 6 77744B3A 4 Bytes [68, D5, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThread + B 77744B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadToken + 6 77744B4A 4 Bytes [68, D6, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadToken + B 77744B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadTokenEx + B 77744B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryAttributesFile + 6 77744BEA 4 Bytes [A8, D4, B4, 00] {TEST AL, 0xd4; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryAttributesFile + B 77744BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryFullAttributesFile + B 77744C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationFile + 6 7774517A 4 Bytes [28, D5, B4, 00] {SUB CH, DL; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationFile + B 7774517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationThread + 6 777451CA 4 Bytes [28, D6, B4, 00] {SUB DH, DL; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationThread + B 777451CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtUnmapViewOfSection + 6 7774546A 4 Bytes [68, D7, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtUnmapViewOfSection + B 7774546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3420] KERNEL32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3540] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtMapViewOfSection + 6 777449BA 4 Bytes [18, 10, D4, 64] {SBB [EAX], DL; AAM 0x64} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtMapViewOfSection + B 777449BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\EIZO\ColorNavigator 6 Core\cn6_eacore.exe[3728] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3824] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[3836] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3916] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4028] kernel32.dll!SetUnhandledExceptionFilter 774AA9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\avastui.exe[4028] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\system32\notepad.exe[4396] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 00C401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 00C403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtCreateFile + 6 7774426A 4 Bytes [28, 90, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtCreateFile + B 7774426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtMapViewOfSection + 6 777449BA 4 Bytes [28, 93, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtMapViewOfSection + B 777449BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenFile + 6 77744A4A 4 Bytes [68, 90, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenFile + B 77744A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcess + 6 77744ACA 4 Bytes [A8, 91, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcess + B 77744ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessToken + B 77744ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessTokenEx + 6 77744AEA 4 Bytes [A8, 92, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessTokenEx + B 77744AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThread + 6 77744B3A 4 Bytes [68, 91, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThread + B 77744B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadToken + 6 77744B4A 4 Bytes [68, 92, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadToken + B 77744B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadTokenEx + B 77744B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryAttributesFile + 6 77744BEA 4 Bytes [A8, 90, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryAttributesFile + B 77744BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryFullAttributesFile + B 77744C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationFile + 6 7774517A 4 Bytes [28, 91, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationFile + B 7774517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationThread + 6 777451CA 4 Bytes [28, 92, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationThread + B 777451CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtUnmapViewOfSection + 6 7774546A 4 Bytes [68, 93, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtUnmapViewOfSection + B 7774546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] KERNEL32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 008A01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 008A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtCreateFile + 6 7774426A 4 Bytes [28, 98, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtCreateFile + B 7774426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtMapViewOfSection + 6 777449BA 4 Bytes [28, 9B, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtMapViewOfSection + B 777449BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenFile + 6 77744A4A 4 Bytes [68, 98, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenFile + B 77744A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcess + 6 77744ACA 4 Bytes [A8, 99, 84, 00] {TEST AL, 0x99; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcess + B 77744ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcessToken + B 77744ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcessTokenEx + 6 77744AEA 4 Bytes [A8, 9A, 84, 00] {TEST AL, 0x9a; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcessTokenEx + B 77744AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThread + 6 77744B3A 4 Bytes [68, 99, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThread + B 77744B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThreadToken + 6 77744B4A 4 Bytes [68, 9A, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThreadToken + B 77744B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThreadTokenEx + B 77744B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtQueryAttributesFile + 6 77744BEA 4 Bytes [A8, 98, 84, 00] {TEST AL, 0x98; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtQueryAttributesFile + B 77744BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtQueryFullAttributesFile + B 77744C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtSetInformationFile + 6 7774517A 4 Bytes [28, 99, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtSetInformationFile + B 7774517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtSetInformationThread + 6 777451CA 4 Bytes [28, 9A, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtSetInformationThread + B 777451CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtUnmapViewOfSection + 6 7774546A 4 Bytes [68, 9B, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtUnmapViewOfSection + B 7774546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4588] KERNEL32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4600] kernel32.dll!SetUnhandledExceptionFilter 774AA9BD 5 Bytes JMP 5A9C53FC C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4600] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4600] ole32.dll!OleLoadFromStream 76BB1E80 5 Bytes JMP 5B48F68E C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll .text C:\Windows\system32\notepad.exe[4608] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4752] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\notepad.exe[4820] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 003101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 003103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtCreateFile + 6 7774426A 4 Bytes [28, 9C, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtCreateFile + B 7774426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtMapViewOfSection + 6 777449BA 4 Bytes [28, 9F, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtMapViewOfSection + B 777449BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenFile + 6 77744A4A 4 Bytes [68, 9C, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenFile + B 77744A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenProcess + 6 77744ACA 4 Bytes [A8, 9D, 2B, 00] {TEST AL, 0x9d; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenProcess + B 77744ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenProcessToken + B 77744ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenProcessTokenEx + 6 77744AEA 4 Bytes [A8, 9E, 2B, 00] {TEST AL, 0x9e; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenProcessTokenEx + B 77744AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenThread + 6 77744B3A 4 Bytes [68, 9D, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenThread + B 77744B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenThreadToken + 6 77744B4A 4 Bytes [68, 9E, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenThreadToken + B 77744B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtOpenThreadTokenEx + B 77744B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtQueryAttributesFile + 6 77744BEA 4 Bytes [A8, 9C, 2B, 00] {TEST AL, 0x9c; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtQueryAttributesFile + B 77744BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtQueryFullAttributesFile + B 77744C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtSetInformationFile + 6 7774517A 4 Bytes [28, 9D, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtSetInformationFile + B 7774517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtSetInformationThread + 6 777451CA 4 Bytes [28, 9E, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtSetInformationThread + B 777451CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtUnmapViewOfSection + 6 7774546A 4 Bytes [68, 9F, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] ntdll.dll!NtUnmapViewOfSection + B 7774546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5316] KERNEL32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[5388] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtCreateFile + 6 7774426A 4 Bytes [28, A0, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtCreateFile + B 7774426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtMapViewOfSection + 6 777449BA 4 Bytes [28, A3, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtMapViewOfSection + B 777449BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenFile + 6 77744A4A 4 Bytes [68, A0, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenFile + B 77744A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcess + 6 77744ACA 4 Bytes [A8, A1, 39, 00] {TEST AL, 0xa1; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcess + B 77744ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessToken + B 77744ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessTokenEx + 6 77744AEA 4 Bytes [A8, A2, 39, 00] {TEST AL, 0xa2; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessTokenEx + B 77744AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThread + 6 77744B3A 4 Bytes [68, A1, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThread + B 77744B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadToken + 6 77744B4A 4 Bytes [68, A2, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadToken + B 77744B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadTokenEx + B 77744B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryAttributesFile + 6 77744BEA 4 Bytes [A8, A0, 39, 00] {TEST AL, 0xa0; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryAttributesFile + B 77744BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryFullAttributesFile + B 77744C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationFile + 6 7774517A 4 Bytes [28, A1, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationFile + B 7774517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationThread + 6 777451CA 4 Bytes [28, A2, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationThread + B 777451CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtUnmapViewOfSection + 6 7774546A 4 Bytes [68, A3, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtUnmapViewOfSection + B 7774546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5676] KERNEL32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\notepad.exe[5836] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] .text C:\Windows\system32\notepad.exe[6080] kernel32.dll!GetBinaryTypeW + 70 774D252F 1 Byte [62] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys ---- Files - GMER 2.1 ---- File C:\Users\ace2\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a25 18800 bytes File C:\Users\ace2\AppData\Local\Temp\~DF1CE4.tmp 512 bytes ---- EOF - GMER 2.1 ----