GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-24 21:24:07 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD161HJ rev.JF100-19 149,05GB Running: bj9uzwob.exe; Driver: C:\DOCUME~1\Tomi\USTAWI~1\Temp\fxpiraow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xADF64AC4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xADF655A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xADFAB5A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xADF7163C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xADF71688] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xADF71822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xADFAAF54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xADF715AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xADF716CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xADF715F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xADF65AD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xADF717DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xADF66390] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xADF64B2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xADFABC66] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xADFABF1C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xADF69B86] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xADFABAD1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xADFAB93C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xADF64716] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xADF64B90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xADF69F7C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xADF66E78] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xADF71666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xADF716AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xADF71846] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xADFAB2B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xADF715D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xADF6947E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xADF7175A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xADF7161A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xADF6986A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xADF71800] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xADFAB7B7] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xADF66CEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xADFAB609] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xADF66842] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xADFAA597] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xADF64BF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xADF64C5C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xADF6620A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xADF647B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xADF64982] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xADFABD6D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xADF64910] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xADF6655A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xADF666BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xADF64A0A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xADF66048] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xADF661EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xADF64CC2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xADF655FE] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [F6, 4B, F6, AD, 5C, 4C, F6, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [5A, 65, F6, AD, BC, 66, F6, ...] {POP EDX; IMUL BYTE [GS:EBP-0x52099944]; OR CL, [EDX-0xa]; LODSD } PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL ADF67549 \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6B0B000, 0x27EFD7, 0xE8000020] ? C:\WINDOWS\system32\drivers\hiojf.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, A0, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, A3, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, A0, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, A1, B3, 00] {TEST AL, 0xa1; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91899C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, A2, B3, 00] {TEST AL, 0xa2; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, A1, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, A2, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B918A0D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, A0, B3, 00] {TEST AL, 0xa0; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B918B3B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, A1, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, A2, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, A3, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 58, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 5B, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 58, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 59, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B916F54 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 5A, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 59, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 5A, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B916FC5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 58, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9170F3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 59, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 5A, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 5B, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 80, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 83, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 80, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 81, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EC7C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 82, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 81, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 82, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ECED .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 80, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE1B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 81, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 82, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 83, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 78, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 7B, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 78, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 79, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B916974 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 7A, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 79, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 7A, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9169E5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 78, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B916B13 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 79, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 7A, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 7B, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3900] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 5C, 6E, 00] {SUB [ESI+EBP*2+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 5F, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 5C, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 5D, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B914458 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 5E, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 5D, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 5E, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9144C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 5C, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9145F7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 5D, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 5E, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 5F, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3944] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 24, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 27, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 24, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 25, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91A020 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 26, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 25, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 26, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91A091 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 24, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91A1BF .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 25, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 26, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 27, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \Driver\amsint32 \Device\amsint32 hiojf.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- EOF - GMER 2.1 ----