GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-08 17:36:10
Windows 5.1.2600 Dodatek Service Pack 3
Running: ee907o1x.exe; Driver: E:\DOCUME~1\A\USTAWI~1\Temp\awpirpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text E:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF679A360, 0x305987, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DDDE
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DE4F
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DF7D
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, 07, 01]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text E:\Program Files\CCleaner\CCleaner.exe[820] USER32.dll!SetScrollInfo 7E369056 5 Bytes JMP 0050A13B E:\Program Files\CCleaner\CCleaner.exe
.text E:\Program Files\CCleaner\CCleaner.exe[820] USER32.dll!GetScrollInfo 7E37DFE2 5 Bytes JMP 0050A097 E:\Program Files\CCleaner\CCleaner.exe
.text E:\Program Files\CCleaner\CCleaner.exe[820] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 0050A0CA E:\Program Files\CCleaner\CCleaner.exe
.text E:\Program Files\CCleaner\CCleaner.exe[820] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 0050A072 E:\Program Files\CCleaner\CCleaner.exe
.text E:\Program Files\CCleaner\CCleaner.exe[820] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 0050A015 E:\Program Files\CCleaner\CCleaner.exe
.text E:\Program Files\CCleaner\CCleaner.exe[820] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 0050A03A E:\Program Files\CCleaner\CCleaner.exe
.text E:\Program Files\CCleaner\CCleaner.exe[820] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 0050A104 E:\Program Files\CCleaner\CCleaner.exe
.text E:\Program Files\CCleaner\CCleaner.exe[820] USER32.dll!EnableScrollBar 7E3B8005 5 Bytes JMP 0050A16F E:\Program Files\CCleaner\CCleaner.exe
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, BC, 23, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BF, 23, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, BC, 23, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, BD, 23, 00] {TEST AL, 0xbd; AND EAX, [EAX]}
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F9D6
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BE, 23, 00] {TEST AL, 0xbe; AND EAX, [EAX]}
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, BD, 23, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BE, 23, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FA47
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, BC, 23, 00] {TEST AL, 0xbc; AND EAX, [EAX]}
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FB75
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, BD, 23, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BE, 23, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BF, 23, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[1724] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]}
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 50, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 53, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 50, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 51, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91246A
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 52, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 51, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 52, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9124DB
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 50, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912609
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 51, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 52, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 53, 4E, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 58, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 5B, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 58, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 59, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916F72
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5A, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 59, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5A, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916FE3
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 58, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917111
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 59, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5A, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5B, 99, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C962
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C9D3
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CB01
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, F3, 00]
.text E:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{59aa628e-5ed7-4396-b300-1f0b97dc8d82}@Model 325
Reg HKLM\SOFTWARE\Classes\CLSID\{59aa628e-5ed7-4396-b300-1f0b97dc8d82}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{59aa628e-5ed7-4396-b300-1f0b97dc8d82}@MData 0x2B 0x8F 0x78 0x29 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x19 0x37 0x60 0x0E ...

---- Files - GMER 2.1 ----

File E:\ADSM_PData_0150 0 bytes
File E:\ADSM_PData_0150\DB 0 bytes
File E:\ADSM_PData_0150\DB\SI.db 624 bytes
File E:\ADSM_PData_0150\DB\UL.db 16 bytes
File E:\ADSM_PData_0150\DB\VL.db 16 bytes
File E:\ADSM_PData_0150\DB\_avt 512 bytes
File E:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File E:\ADSM_PData_0150\_avt 512 bytes
File E:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File E:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File E:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 2.1 ----