GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-06 19:12:18 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500AAJS-07M0A0 rev.01.03E01 232,89GB Running: gmer.exe; Driver: C:\DOCUME~1\Magda\USTAWI~1\Temp\fxtdypow.sys ---- System - GMER 2.1 ---- SSDT spsx.sys ZwCreateKey [0xB96B50E0] SSDT spsx.sys ZwEnumerateKey [0xB96CDDA4] SSDT spsx.sys ZwEnumerateValueKey [0xB96CE132] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB9C896E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB9C89800] SSDT spsx.sys ZwOpenKey [0xB96B50C0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB9C89010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xB9C894D0] SSDT spsx.sys ZwQueryKey [0xB96CE20A] SSDT spsx.sys ZwQueryValueKey [0xB96CE08A] SSDT spsx.sys ZwSetValueKey [0xB96CE29C] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB9C89300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB9C893E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB9C89120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB9C89210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB9C895E0] INT 0x62 ? 89D74BF8 INT 0x82 ? 89D74BF8 INT 0x83 ? 89D73BF8 INT 0x83 ? 89D73BF8 INT 0x84 ? 89D73BF8 INT 0x94 ? 89D73BF8 INT 0xA4 ? 89D73BF8 ---- Kernel code sections - GMER 2.1 ---- ? spsx.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, D3, 00] {TEST AL, 0xa5; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A9BE .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, D3, 00] {TEST AL, 0xa6; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AA2F .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, D3, 00] {TEST AL, 0xa4; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AB5D .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[268] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B99 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1CD C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 406146FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] ole32.dll!CoCreateInstance 774EF1D4 5 Bytes JMP 406ADC80 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[784] ole32.dll!OleLoadFromStream 7751988B 5 Bytes JMP 407A7CFF C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B99 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1CD C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 406146FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] ole32.dll!CoCreateInstance 774EF1D4 5 Bytes JMP 406ADC80 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3064] ole32.dll!OleLoadFromStream 7751988B 5 Bytes JMP 407A7CFF C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4648] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4648] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4648] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4648] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4648] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4648] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4648] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4648] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4648] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, EC, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, EF, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, EC, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, ED, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919306 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, EE, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, ED, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, EE, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919377 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, EC, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9194A5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, ED, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, EE, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, EF, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5292] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9172DE .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91734F .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91747D .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6076] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 10, E0, 00] {SUB [EAX], DL; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 13, E0, 00] {SUB [EBX], DL; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 10, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 11, E0, 00] {TEST AL, 0x11; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B62A .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 12, E0, 00] {TEST AL, 0x12; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 11, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 12, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B69B .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 10, E0, 00] {TEST AL, 0x10; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B7C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 11, E0, 00] {SUB [ECX], DL; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 12, E0, 00] {SUB [EDX], DL; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 13, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 64, D6, 00] {SUB [ESI+EDX*8+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 67, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 64, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 65, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AC7E .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 66, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 65, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 66, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91ACEF .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 64, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AE1D .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 65, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 66, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 67, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 89D701F8 AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys Device \Driver\usbuhci \Device\USBPDO-0 89AAA1F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89D041F8 Device \Driver\dmio \Device\DmControl\DmConfig 89D041F8 Device \Driver\dmio \Device\DmControl\DmPnP 89D041F8 Device \Driver\dmio \Device\DmControl\DmInfo 89D041F8 Device \Driver\usbuhci \Device\USBPDO-1 89AAA1F8 Device \Driver\usbuhci \Device\USBPDO-2 89AAA1F8 Device \Driver\usbuhci \Device\USBPDO-3 89AAA1F8 Device \Driver\usbehci \Device\USBPDO-4 89A981F8 AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys Device \Driver\USBSTOR \Device\00000070 89552500 Device \Driver\Ftdisk \Device\HarddiskVolume1 89D751F8 Device \Driver\USBSTOR \Device\00000072 89552500 Device \Driver\Ftdisk \Device\HarddiskVolume2 89D751F8 Device \Driver\Cdrom \Device\CdRom0 89A761F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{FCAE4735-3709-4113-AC98-BEC641D9D5DC} 89AF21F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9608B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9608B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9608B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9608B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 89AF21F8 Device \Driver\NetBT \Device\NetbiosSmb 89AF21F8 AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{0A0FAC45-8E25-4A5C-91FD-5E37071E844B} 89AF21F8 Device \Driver\usbuhci \Device\USBFDO-0 89AAA1F8 Device \Driver\usbuhci \Device\USBFDO-1 89AAA1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A7A1F8 Device \Driver\usbuhci \Device\USBFDO-2 89AAA1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A7A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89AAA1F8 Device \Driver\usbehci \Device\USBFDO-4 89A981F8 Device \Driver\Ftdisk \Device\FtControl 89D751F8 Device \FileSystem\Cdfs \Cdfs 895C1500 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsx.sys >>UNKNOWN [0x89d24938]<< 89d24938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89cd3ab8] 89cd3ab8 Trace 3 CLASSPNP.SYS[b98f8fd7] -> nt!IofCallDriver -> \Device\00000066[0x89cc2f18] 89cc2f18 Trace 5 ACPI.sys[b9673620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89cd6940] 89cd6940 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0x91 0x8B 0x92 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x97 0x69 0x69 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFF 0x28 0x54 0x8D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0x91 0x8B 0x92 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x97 0x69 0x69 0x22 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFF 0x28 0x54 0x8D ... ---- EOF - GMER 2.1 ----