GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2015-02-02 13:27:39 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6 WDC_WD5000AADS-00S9B0 rev.01.00A01 465,76GB Running: m57g1hli.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 8305A339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83093D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\spsa.sys System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 24, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 27, 79, 00] {SUB [EDI], AH; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 24, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 25, 79, 00] {TEST AL, 0x25; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 7698D6C8 C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 26, 79, 00] {TEST AL, 0x26; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 25, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 26, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 7698D759 C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 24, 79, 00] {TEST AL, 0x24; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 7698D917 C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 25, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 26, 79, 00] {SUB [ESI], AH; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 27, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1268] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 28, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 2B, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 28, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 29, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 7698DDCC C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 2A, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 29, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 2A, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 7698DE5D C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 28, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 7698E01B C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 29, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 2A, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 2B, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1316] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 98, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 9B, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 98, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 99, 30, 00] {TEST AL, 0x99; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 76988E3C C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 9A, 30, 00] {TEST AL, 0x9a; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 99, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 9A, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 76988ECD C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 98, 30, 00] {TEST AL, 0x98; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 7698908B C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 99, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 9A, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 9B, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 48, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 4B, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 48, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 49, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 769950EC C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 4A, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 49, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 4A, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 7699517D C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 48, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 7699533B C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 49, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 4A, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 4B, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [18, 20, B8, 6E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 3C, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 3F, 10, 00] {SUB [EDI], BH; ADC [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 3C, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 3D, 10, 00] {TEST AL, 0x3d; ADC [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 76986DE0 C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 3E, 10, 00] {TEST AL, 0x3e; ADC [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 3D, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 3E, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 76986E71 C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 3C, 10, 00] {TEST AL, 0x3c; ADC [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 7698702F C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 3D, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 3E, 10, 00] {SUB [ESI], BH; ADC [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 3F, 10, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 28, 7C, 00] {SUB [EAX], CH; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 2B, 7C, 00] {SUB [EBX], CH; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 28, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 29, 7C, 00] {TEST AL, 0x29; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 7698D9CC C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 2A, 7C, 00] {TEST AL, 0x2a; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 29, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 2A, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 7698DA5D C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 28, 7C, 00] {TEST AL, 0x28; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 7698DC1B C:\Windows\system32\RPCRT4.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 29, 7C, 00] {SUB [ECX], CH; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 2A, 7C, 00] {SUB [EDX], CH; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 2B, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5696] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74572437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74555600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745556BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745724B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74568514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74564CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7456506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74565144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74566671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7456826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745687BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7456901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7456E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[2056] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74564BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 859421F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{F3229206-94E2-44F3-8BE8-07B78225DD5F} 86A62500 Device \Driver\NetBT \Device\NetBT_Tcpip_{3D624865-1582-4357-B0DD-937BDD4BA7A3} 86A62500 Device \Driver\PCI_PNP5146 \Device\00000050 spsa.sys Device \Driver\usbohci \Device\USBPDO-0 869CE500 Device \Driver\usbohci \Device\USBPDO-1 869CE500 Device \Driver\usbehci \Device\USBPDO-2 86B84500 Device \Driver\usbohci \Device\USBPDO-3 869CE500 Device \Driver\usbohci \Device\USBPDO-4 869CE500 Device \Driver\usbehci \Device\USBPDO-5 86B84500 Device \Driver\usbohci \Device\USBPDO-6 869CE500 Device \Driver\volmgr \Device\HarddiskVolume1 8593E1F8 Device \Driver\volmgr \Device\HarddiskVolume2 8593E1F8 Device \Driver\cdrom \Device\CdRom0 869FB500 Device \Driver\volmgr \Device\HarddiskVolume3 8593E1F8 Device \Driver\atapi \Device\Ide\IdePort0 859401F8 Device \Driver\atapi \Device\Ide\IdePort1 859401F8 Device \Driver\atapi \Device\Ide\IdePort2 859401F8 Device \Driver\atapi \Device\Ide\IdePort3 859401F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 859401F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-6 859401F8 Device \Driver\cdrom \Device\CdRom1 869FB500 Device \Driver\volmgr \Device\HarddiskVolume4 8593E1F8 Device \Driver\cdrom \Device\CdRom2 869FB500 Device \Driver\volmgr \Device\HarddiskVolume5 8593E1F8 Device \Driver\volmgr \Device\HarddiskVolume6 8593E1F8 Device \Driver\USBSTOR \Device\00000076 878E81F8 Device \Driver\USBSTOR \Device\00000077 878E81F8 Device \Driver\volmgr \Device\HarddiskVolume7 8593E1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86A62500 Device \Driver\USBSTOR \Device\00000078 878E81F8 Device \Driver\USBSTOR \Device\00000079 878E81F8 Device \Driver\sptd \Device\2382137146 spsa.sys Device \Driver\usbohci \Device\USBFDO-0 869CE500 Device \Driver\USBSTOR \Device\0000007a 878E81F8 Device \Driver\usbohci \Device\USBFDO-1 869CE500 Device \Driver\usbehci \Device\USBFDO-2 86B84500 Device \Driver\usbohci \Device\USBFDO-3 869CE500 Device \Driver\usbohci \Device\USBFDO-4 869CE500 Device \Driver\usbehci \Device\USBFDO-5 86B84500 Device \Driver\usbohci \Device\USBFDO-6 869CE500 Device \Driver\apnngu7f \Device\Scsi\apnngu7f1Port4Path0Target1Lun0 86C3C500 Device \Driver\apnngu7f \Device\Scsi\apnngu7f1 86C3C500 Device \Driver\apnngu7f \Device\Scsi\apnngu7f1Port4Path0Target0Lun0 86C3C500 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x859401f8]<< 859401f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86843030] 86843030 Trace 3 CLASSPNP.SYS[8c4f159e] -> nt!IofCallDriver -> [0x86680870] 86680870 Trace 5 ACPI.sys[8bd473d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-6[0x86688030] 86688030 Trace \Driver\atapi[0x866a17b0] -> IRP_MJ_CREATE -> 0x859401f8 859401f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xA1 0x5C 0x2E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD9 0x84 0x23 0x50 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8B 0xE9 0x83 0xB9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA3 0xC0 0xEB 0x57 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xA1 0x5C 0x2E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD9 0x84 0x23 0x50 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8B 0xE9 0x83 0xB9 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA3 0xC0 0xEB 0x57 ... Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\BD42F974-7197-4E5E-8475-33209D9D20F7@IPAddress 192.168.0.105 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{D8F980C2-A66F-11E4-9D6D-806E6F6E6963} 152701808 ---- EOF - GMER 2.1 ----