GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-10-22 21:02:49 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e Hitachi_HTS541612J9SA00 rev.SBDOC70P 111,79GB Running: b1sz9j3k.exe; Driver: D:\DOCUME~1\aneta\USTAWI~1\Temp\pxtdipow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xF61CEAC4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xF6880012] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xF61CF5A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xF6215550] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xF61DB63C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xF61DB688] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xF61DB822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xF6214F04] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xF61DB5AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xF61DB6CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xF61DB5F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xF61CFAD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xF61DB7DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xF61D0390] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xF61CEB2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xF6215C16] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xF6215ECC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xF61D3B86] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xF6215A81] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xF62158EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xF61CE716] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xF68804CC] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xF61CEB90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xF61D3F7C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xF61D0E78] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xF61DB666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xF61DB6AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xF61DB846] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xF6215260] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xF61DB5D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xF61D347E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xF61DB75A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xF61DB61A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xF61D386A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xF61DB800] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xF688026A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xF6215767] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xF61D0CEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xF62155B9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xF61D0842] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xF688DF28] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xF688E894] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xF6214547] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xF61CEBF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xF61CEC5C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xF61D020A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xF61CE7B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xF61CE982] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xF6215D1D] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xF61CE910] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xF61D055A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xF61D06BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xF61CEA0A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xF61D0048] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xF61D01EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xF61CECC2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xF61CF5FE] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2448 80501CA4 4 Bytes [C4, EA, 1C, F6] .text ntkrnlpa.exe!ZwCallbackReturn + 2770 80501FCC 12 Bytes [F6, EB, 1C, F6, 5C, EC, 1C, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2808 80502064 4 Bytes JMP AD951685 .text ntkrnlpa.exe!ZwCallbackReturn + 2818 80502074 12 Bytes [5A, 05, 1D, F6, BC, 06, 1D, ...] ---- User code sections - GMER 2.1 ---- .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[224] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text D:\Program Files\AVAST Software\Avast\afwServ.exe[252] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, DC, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, DF, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, DC, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, DD, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917CF6 .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, DE, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, DD, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, DE, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThreadToken + B 
7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917D67 .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, DC, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917E95 .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, DD, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, DE, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, DF, A6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D401F8 .text D:\Program Files\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D403FC .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, 18, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] 
ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, 18, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, 18, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, 18, 00] {TEST AL, 0x49; SBB [EAX], AL} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EE62 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, 18, 00] {TEST AL, 0x4a; SBB [EAX], AL} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, 18, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, 18, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EED3 .text D:\Program 
Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, 18, 00] {TEST AL, 0x48; SBB [EAX], AL} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F001 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, 18, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, 18, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, 18, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005401F8 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 005403FC .text D:\Program Files\AVAST Software\Avast\AvastUI.exe[2308] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 83, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 80, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 81, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91289A .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 82, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 81, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 82, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadToken + B 
7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91290B .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 80, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912A39 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 81, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 82, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 83, 52, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008001F8 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 008003FC .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 10, 01, 01] {SUB [EAX], DL; ADD [ECX], EAX} .text D:\Program 
Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 13, 01, 01] {SUB [EBX], DL; ADD [ECX], EAX} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 10, 01, 01] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 11, 01, 01] {TEST AL, 0x11; ADD [ECX], EAX} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D72A .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 12, 01, 01] {TEST AL, 0x12; ADD [ECX], EAX} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 11, 01, 01] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 12, 01, 01] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] 
ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D79B .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 10, 01, 01] {TEST AL, 0x10; ADD [ECX], EAX} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D8C9 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 11, 01, 01] {SUB [ECX], DL; ADD [ECX], EAX} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 12, 01, 01] {SUB [EDX], DL; ADD [ECX], EAX} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 13, 01, 01] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012F01F8 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 012F03FC .text D:\Program Files\Google\Chrome\Application\chrome.exe[3328] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text D:\Program 
Files\Google\Chrome\Application\chrome.exe[3328] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text D:\Program Files\Google\Chrome\Application\chrome.exe[3328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 44, CD, 00] {SUB [EBP+ECX*8+0x0], AL} .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 47, CD, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 44, CD, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 45, CD, 00] {TEST AL, 0x45; INT 0x0} .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A35E .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 46, CD, 00] {TEST AL, 0x46; INT 0x0} .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThread + 6 7C90D664 4 
Bytes [68, 45, CD, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 46, CD, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A3CF .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 44, CD, 00] {TEST AL, 0x44; INT 0x0} .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A4FD .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 45, CD, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 46, CD, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 47, CD, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text D:\Program 
Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00FB01F8 .text D:\Program Files\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00FB03FC .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A0, 3B, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A3, 3B, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A0, 3B, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A1, 3B, 00] {TEST AL, 0xa1; CMP EAX, [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9111BA .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A2, 3B, 00] {TEST AL, 0xa2; CMP EAX, [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A1, 3B, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte 
[E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A2, 3B, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91122B .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A0, 3B, 00] {TEST AL, 0xa0; CMP EAX, [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B911359 .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A1, 3B, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A2, 3B, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A3, 3B, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007701F8 .text D:\Program 
Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007703FC
---- User IAT/EAT - GMER 2.1 ----
IAT D:\WINDOWS\system32\services.exe[1108] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT D:\WINDOWS\system32\services.exe[1108] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip aswNdis2.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswNdis2.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswNdis2.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswNdis2.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys
---- Processes - GMER 2.1 ----
Library D:\Documents and Settings\aneta\Moje dokumenty\Downloads\FRST.exe (*** hidden *** ) @ D:\Documents and Settings\aneta\Moje dokumenty\Downloads\FRST.exe [2956] 0x00400000
---- EOF - GMER 2.1 ----