GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-02 21:03:58
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600JB-00REA0 rev.20.00K20 149,05GB
Running: ek7h2kue.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\axxirpob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5A073C0, 0x84E2FA, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB7971300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7A37300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 2.1 ----

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip {55825785-0831-456c-8958-bd781398505d}t.sys
AttachedDevice \Driver\Tcpip \Device\Ip {651e31c1-db10-434b-a173-a9b0e6a15ce0}t.sys
Device {efa349b9-003c-4506-9e55-957c1cff853c}t.sys
Device {397e3208-0393-47ca-9748-370b27e14021}t.sys
Device tcpip.sys
AttachedDevice \Driver\Tcpip \Device\RawIp {55825785-0831-456c-8958-bd781398505d}t.sys
AttachedDevice \Driver\Tcpip \Device\RawIp {651e31c1-db10-434b-a173-a9b0e6a15ce0}t.sys

---- EOF - GMER 2.1 ----