GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-06 12:34:03 Windows 6.1.7600 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9250827AS rev.3.AAA 232,89GB Running: dfoodk5p.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\awrdrpoc.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwCreateSection [0x9C74D7E8] SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwCreateThread [0x9C74D96C] SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwCreateThreadEx [0x9C74D9FA] SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwMakeTemporaryObject [0x9C74D75E] SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwQueueApcThread [0x9C74DA8A] SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwQueueApcThreadEx [0x9C74DB1A] SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwSetContextThread [0x9C74DBAA] SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwSetSystemInformation [0x9C74A2A8] SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwSetSystemTime [0x9C74A45E] SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwUnmapViewOfSection [0x9C74D6D0] SSDT \??\C:\Users\Marcin\AppData\Local\Temp\7371726A.sys ZwWriteVirtualMemory [0x9C74B98A] ---- Kernel code sections - GMER 2.1 ---- .text ntkrlICE.exe!ZwSaveKeyEx + 13AD 8288D599 1 Byte [06] .text ntkrlICE.exe!KiDispatchInterrupt + 5A2 828B1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrlICE.exe!RtlSidHashLookup + 340 828B9850 4 Bytes CALL CC280D2C .text ntkrlICE.exe!RtlSidHashLookup + 34C 828B985C 8 Bytes [6C, D9, 74, 9C, FA, D9, 74, ...] .text ntkrlICE.exe!RtlSidHashLookup + 480 828B9990 4 Bytes [5E, D7, 74, 9C] {POP ESI; XLAT BYTE [EBX+AL]; JZ 0xffffffa0} .text ntkrlICE.exe!RtlSidHashLookup + 624 828B9B34 8 Bytes [8A, DA, 74, 9C, 1A, DB, 74, ...] {MOV BL, DL; JZ 0xffffffa0; SBB BL, BL; JZ 0xffffffa4} .text ntkrlICE.exe!RtlSidHashLookup + 6E0 828B9BF0 4 Bytes [AA, DB, 74, 9C] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E07000, 0x2BFBF0, 0xE8000020] ? C:\Users\Marcin\AppData\Local\Temp\7371726A.sys Nie można odnaleźć określonego pliku. ! ? C:\Users\Marcin\AppData\Local\Temp\748D1137.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtCreateFile + 6 76EA55E6 4 Bytes [28, 78, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtCreateFile + B 76EA55EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtMapViewOfSection + 6 76EA5C46 4 Bytes [28, 7B, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtMapViewOfSection + B 76EA5C4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenFile + 6 76EA5CF6 4 Bytes [68, 78, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenFile + B 76EA5CFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenProcess + 6 76EA5DA6 4 Bytes [A8, 79, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenProcess + B 76EA5DAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenProcessToken + 6 76EA5DB6 4 Bytes CALL 75EAB234 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenProcessToken + B 76EA5DBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenProcessTokenEx + 6 76EA5DC6 4 Bytes [A8, 7A, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenProcessTokenEx + B 76EA5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenThread + 6 76EA5E26 4 Bytes [68, 79, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenThread + B 76EA5E2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenThreadToken + 6 76EA5E36 4 Bytes [68, 7A, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenThreadToken + B 76EA5E3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenThreadTokenEx + 6 76EA5E46 4 Bytes CALL 75EAB2C5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtOpenThreadTokenEx + B 76EA5E4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtQueryAttributesFile + 6 76EA5F56 4 Bytes [A8, 78, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtQueryAttributesFile + B 76EA5F5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtQueryFullAttributesFile + 6 76EA6006 4 Bytes CALL 75EAB483 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtQueryFullAttributesFile + B 76EA600B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtSetInformationFile + 6 76EA6656 4 Bytes [28, 79, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtSetInformationFile + B 76EA665B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtSetInformationThread + 6 76EA66B6 4 Bytes [28, 7A, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtSetInformationThread + B 76EA66BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtUnmapViewOfSection + 6 76EA69D6 4 Bytes [68, 7B, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1580] ntdll.dll!NtUnmapViewOfSection + B 76EA69DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1776] ntdll.dll!NtMapViewOfSection + 6 76EA5C46 4 Bytes [18, 20, F7, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1776] ntdll.dll!NtMapViewOfSection + B 76EA5C4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtCreateFile + 6 76EA55E6 4 Bytes [28, 24, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtCreateFile + B 76EA55EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtMapViewOfSection + 6 76EA5C46 4 Bytes [28, 27, 28, 00] {SUB [EDI], AH; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtMapViewOfSection + B 76EA5C4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenFile + 6 76EA5CF6 4 Bytes [68, 24, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenFile + B 76EA5CFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcess + 6 76EA5DA6 4 Bytes [A8, 25, 28, 00] {TEST AL, 0x25; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcess + B 76EA5DAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessToken + 6 76EA5DB6 4 Bytes CALL 75EA85E0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessToken + B 76EA5DBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessTokenEx + 6 76EA5DC6 4 Bytes [A8, 26, 28, 00] {TEST AL, 0x26; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessTokenEx + B 76EA5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThread + 6 76EA5E26 4 Bytes [68, 25, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThread + B 76EA5E2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadToken + 6 76EA5E36 4 Bytes [68, 26, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadToken + B 76EA5E3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadTokenEx + 6 76EA5E46 4 Bytes CALL 75EA8671 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadTokenEx + B 76EA5E4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryAttributesFile + 6 76EA5F56 4 Bytes [A8, 24, 28, 00] {TEST AL, 0x24; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryAttributesFile + B 76EA5F5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryFullAttributesFile + 6 76EA6006 4 Bytes CALL 75EA882F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryFullAttributesFile + B 76EA600B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationFile + 6 76EA6656 4 Bytes [28, 25, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationFile + B 76EA665B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationThread + 6 76EA66B6 4 Bytes [28, 26, 28, 00] {SUB [ESI], AH; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationThread + B 76EA66BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtUnmapViewOfSection + 6 76EA69D6 4 Bytes [68, 27, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtUnmapViewOfSection + B 76EA69DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtCreateFile + 6 76EA55E6 4 Bytes [28, C4, B6, 00] {SUB AH, AL; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtCreateFile + B 76EA55EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + 6 76EA5C46 4 Bytes [28, C7, B6, 00] {SUB BH, AL; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + B 76EA5C4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenFile + 6 76EA5CF6 4 Bytes [68, C4, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenFile + B 76EA5CFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcess + 6 76EA5DA6 4 Bytes [A8, C5, B6, 00] {TEST AL, 0xc5; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcess + B 76EA5DAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessToken + 6 76EA5DB6 4 Bytes CALL 75EB1480 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessToken + B 76EA5DBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessTokenEx + 6 76EA5DC6 4 Bytes [A8, C6, B6, 00] {TEST AL, 0xc6; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessTokenEx + B 76EA5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThread + 6 76EA5E26 4 Bytes [68, C5, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThread + B 76EA5E2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadToken + 6 76EA5E36 4 Bytes [68, C6, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadToken + B 76EA5E3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadTokenEx + 6 76EA5E46 4 Bytes CALL 75EB1511 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadTokenEx + B 76EA5E4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryAttributesFile + 6 76EA5F56 4 Bytes [A8, C4, B6, 00] {TEST AL, 0xc4; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryAttributesFile + B 76EA5F5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryFullAttributesFile + 6 76EA6006 4 Bytes CALL 75EB16CF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryFullAttributesFile + B 76EA600B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationFile + 6 76EA6656 4 Bytes [28, C5, B6, 00] {SUB CH, AL; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationFile + B 76EA665B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationThread + 6 76EA66B6 4 Bytes [28, C6, B6, 00] {SUB DH, AL; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationThread + B 76EA66BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + 6 76EA69D6 4 Bytes [68, C7, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + B 76EA69DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtCreateFile + 6 76EA55E6 4 Bytes [28, 00, B5, 00] {SUB [EAX], AL; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtCreateFile + B 76EA55EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + 6 76EA5C46 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + 6 76EA5C46 4 Bytes [28, 03, B5, 00] {SUB [EBX], AL; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + B 76EA5C4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenFile + 6 76EA5CF6 4 Bytes [68, 00, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenFile + B 76EA5CFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcess + 6 76EA5DA6 4 Bytes [A8, 01, B5, 00] {TEST AL, 0x1; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcess + B 76EA5DAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessToken + 6 76EA5DB6 4 Bytes CALL 75EB12BC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessToken + B 76EA5DBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessTokenEx + 6 76EA5DC6 4 Bytes [A8, 02, B5, 00] {TEST AL, 0x2; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessTokenEx + B 76EA5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThread + 6 76EA5E26 4 Bytes [68, 01, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThread + B 76EA5E2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadToken + 6 76EA5E36 4 Bytes [68, 02, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadToken + B 76EA5E3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadTokenEx + 6 76EA5E46 4 Bytes CALL 75EB134D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadTokenEx + B 76EA5E4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryAttributesFile + 6 76EA5F56 4 Bytes [A8, 00, B5, 00] {TEST AL, 0x0; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryAttributesFile + B 76EA5F5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryFullAttributesFile + 6 76EA6006 4 Bytes CALL 75EB150B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryFullAttributesFile + B 76EA600B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationFile + 6 76EA6656 4 Bytes [28, 01, B5, 00] {SUB [ECX], AL; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationFile + B 76EA665B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationThread + 6 76EA66B6 4 Bytes [28, 02, B5, 00] {SUB [EDX], AL; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationThread + B 76EA66BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + 6 76EA69D6 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + 6 76EA69D6 4 Bytes [68, 03, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + B 76EA69DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtCreateFile + 6 76EA55E6 4 Bytes [28, 64, 3E, 00] {SUB [ESI+EDI+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtCreateFile + B 76EA55EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtMapViewOfSection + 6 76EA5C46 4 Bytes [28, 67, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtMapViewOfSection + B 76EA5C4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenFile + 6 76EA5CF6 4 Bytes [68, 64, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenFile + B 76EA5CFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcess + 6 76EA5DA6 4 Bytes [A8, 65, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcess + B 76EA5DAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcessToken + 6 76EA5DB6 4 Bytes CALL 75EA9C20 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcessToken + B 76EA5DBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcessTokenEx + 6 76EA5DC6 4 Bytes [A8, 66, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenProcessTokenEx + B 76EA5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThread + 6 76EA5E26 4 Bytes [68, 65, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThread + B 76EA5E2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThreadToken + 6 76EA5E36 4 Bytes [68, 66, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThreadToken + B 76EA5E3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThreadTokenEx + 6 76EA5E46 4 Bytes CALL 75EA9CB1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtOpenThreadTokenEx + B 76EA5E4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtQueryAttributesFile + 6 76EA5F56 4 Bytes [A8, 64, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtQueryAttributesFile + B 76EA5F5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtQueryFullAttributesFile + 6 76EA6006 4 Bytes CALL 75EA9E6F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtQueryFullAttributesFile + B 76EA600B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtSetInformationFile + 6 76EA6656 4 Bytes [28, 65, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtSetInformationFile + B 76EA665B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtSetInformationThread + 6 76EA66B6 4 Bytes [28, 66, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtSetInformationThread + B 76EA66BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtUnmapViewOfSection + 6 76EA69D6 4 Bytes [68, 67, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3668] ntdll.dll!NtUnmapViewOfSection + B 76EA69DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtCreateFile + 6 76EA55E6 4 Bytes [28, 80, 12, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtCreateFile + B 76EA55EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtMapViewOfSection + 6 76EA5C46 4 Bytes [28, 83, 12, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtMapViewOfSection + B 76EA5C4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenFile + 6 76EA5CF6 4 Bytes [68, 80, 12, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenFile + B 76EA5CFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcess + 6 76EA5DA6 4 Bytes [A8, 81, 12, 01] {TEST AL, 0x81; ADC AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcess + B 76EA5DAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcessToken + 6 76EA5DB6 4 Bytes CALL 75EB703C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcessToken + B 76EA5DBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcessTokenEx + 6 76EA5DC6 4 Bytes [A8, 82, 12, 01] {TEST AL, 0x82; ADC AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcessTokenEx + B 76EA5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThread + 6 76EA5E26 4 Bytes [68, 81, 12, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThread + B 76EA5E2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThreadToken + 6 76EA5E36 4 Bytes [68, 82, 12, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThreadToken + B 76EA5E3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThreadTokenEx + 6 76EA5E46 4 Bytes CALL 75EB70CD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThreadTokenEx + B 76EA5E4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtQueryAttributesFile + 6 76EA5F56 4 Bytes [A8, 80, 12, 01] {TEST AL, 0x80; ADC AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtQueryAttributesFile + B 76EA5F5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtQueryFullAttributesFile + 6 76EA6006 4 Bytes CALL 75EB728B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtQueryFullAttributesFile + B 76EA600B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtSetInformationFile + 6 76EA6656 4 Bytes [28, 81, 12, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtSetInformationFile + B 76EA665B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtSetInformationThread + 6 76EA66B6 4 Bytes [28, 82, 12, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtSetInformationThread + B 76EA66BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtUnmapViewOfSection + 6 76EA69D6 4 Bytes [68, 83, 12, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtUnmapViewOfSection + B 76EA69DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtCreateFile + 6 76EA55E6 4 Bytes [28, 60, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtCreateFile + B 76EA55EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtMapViewOfSection + 6 76EA5C46 4 Bytes [28, 63, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtMapViewOfSection + B 76EA5C4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenFile + 6 76EA5CF6 4 Bytes [68, 60, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenFile + B 76EA5CFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcess + 6 76EA5DA6 4 Bytes [A8, 61, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcess + B 76EA5DAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcessToken + 6 76EA5DB6 4 Bytes CALL 75EB521C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcessToken + B 76EA5DBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcessTokenEx + 6 76EA5DC6 4 Bytes [A8, 62, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcessTokenEx + B 76EA5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThread + 6 76EA5E26 4 Bytes [68, 61, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThread + B 76EA5E2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThreadToken + 6 76EA5E36 4 Bytes [68, 62, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThreadToken + B 76EA5E3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThreadTokenEx + 6 76EA5E46 4 Bytes CALL 75EB52AD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThreadTokenEx + B 76EA5E4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtQueryAttributesFile + 6 76EA5F56 4 Bytes [A8, 60, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtQueryAttributesFile + B 76EA5F5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtQueryFullAttributesFile + 6 76EA6006 4 Bytes CALL 75EB546B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtQueryFullAttributesFile + B 76EA600B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtSetInformationFile + 6 76EA6656 4 Bytes [28, 61, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtSetInformationFile + B 76EA665B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtSetInformationThread + 6 76EA66B6 4 Bytes [28, 62, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtSetInformationThread + B 76EA66BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtUnmapViewOfSection + 6 76EA69D6 4 Bytes [68, 63, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtUnmapViewOfSection + B 76EA69DB 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs 7371726A.sys Device \FileSystem\45872007F0034C6A \Device\45872007F0034C6A 7371726A.sys AttachedDevice \Driver\tdx \Device\Tcp 7371726A.sys AttachedDevice \Driver\tdx \Device\Udp 7371726A.sys AttachedDevice \Driver\tdx \Device\RawIp 7371726A.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????Po??czenie lokalne 3????? ???????????????????i?1????????????????????FSFilter Anti-Virus?ja??????????? ?????????????????????1????????????????????? ???????????????????i?1?????????????????????????????A???????e???i??????????????????? ?????????????????????1?????????????????????????????????????????i??????????? ???????????????????i?1????????????????????????????s????????????F?????t25??@oem38.inf,%samsung%;SAMSUNG Electronics Co., Ltd. ????????n???????n????????@hdaudio.inf,%hdaudiofunctiondriver.generic.devicedesc%;Urz?dzenie zgodne ze standardem High Definition Audio????{?{?{?z?v??? ????????????????????????$???6???????????????s?-R???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????,?1????t???X?h??????D???????????????????????????????????? ??????????n??{8ECC055D-047F-11D1-A537-0000F8753ED1}?z?z???z?x?v?z?w??? ???i???'???????E??C:\Users\Marcin\AppData\Local\Temp\2D5A Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 1066 ---- Files - GMER 2.1 ---- ADS C:\Windows\notepad.exe:Zone.Identifier 714240 bytes executable ADS C:\Windows\System32\notepad.exe:Zone.Identifier 714240 bytes executable ---- EOF - GMER 2.1 ----