GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-31 12:07:48 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500320AS rev.SD1A 465,76GB Running: gmer.exe; Driver: C:\Users\Jacek\AppData\Local\Temp\ugloypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8D61F406] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x8D39197C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAlpcSendWaitReceivePort [0x8D6220EE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8D61FEE4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8D62C498] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8D62C4E4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8D62C67E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8D62C406] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0x8D62C528] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8D62C44E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x8D62041A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8D62C638] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8D620CD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8D61F46C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8D623E24] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x8D391A54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8D61F058] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8D391E36] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8D61F4D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8D62421A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8D621816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8D62C4C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8D62C506] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8D62C6A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8D62C42C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8D62371C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8D62C5B6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8D62C476] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8D623B08] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8D62C65C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8D391BD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8D62162E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x8D621184] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwReplyWaitReceivePort [0x8D626344] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwReplyWaitReceivePortEx [0x8D6220C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8D61F538] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8D61F59E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0x8D620B4C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8D61F0F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8D61F2C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8D61F252] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8D620E9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8D620FFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8D61F34C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0x8D62098A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8D620B2C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x8D38EC14] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8D61F604] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8D61FF40] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8D620636] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10E 822C5791 3 Bytes [F4, 61, 8D] .text ntkrnlpa.exe!KeSetEvent + 131 822C57B4 4 Bytes [7C, 19, 39, 8D] .text ntkrnlpa.exe!KeSetEvent + 181 822C5804 4 Bytes [EE, 20, 62, 8D] {OUT DX, AL; AND [EDX-0x73], AH} .text ntkrnlpa.exe!KeSetEvent + 191 822C5814 4 Bytes [E4, FE, 61, 8D] .text ntkrnlpa.exe!KeSetEvent + 1D1 822C5854 8 Bytes [98, C4, 62, 8D, E4, C4, 62, ...] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!LdrLoadDll 77479358 5 Bytes JMP 002C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!LdrUnloadDll 7748B630 5 Bytes JMP 002C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtCreateFile + 6 774B41C6 4 Bytes [28, 30, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtCreateFile + B 774B41CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtMapViewOfSection + 6 774B4916 4 Bytes [28, 33, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtMapViewOfSection + B 774B491B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenFile + 6 774B49A6 4 Bytes [68, 30, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenFile + B 774B49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcess + 6 774B4A26 4 Bytes [A8, 31, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcess + B 774B4A2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcessToken + B 774B4A3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcessTokenEx + 6 774B4A46 4 Bytes [A8, 32, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcessTokenEx + B 774B4A4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThread + 6 774B4A96 4 Bytes [68, 31, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThread + B 774B4A9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThreadToken + 6 774B4AA6 4 Bytes [68, 32, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThreadToken + B 774B4AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThreadTokenEx + B 774B4ABB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtQueryAttributesFile + 6 774B4B46 4 Bytes [A8, 30, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtQueryAttributesFile + B 774B4B4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtQueryFullAttributesFile + B 774B4BFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtSetInformationFile + 6 774B50D6 4 Bytes [28, 31, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtSetInformationFile + B 774B50DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtSetInformationThread + 6 774B5126 4 Bytes [28, 32, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtSetInformationThread + B 774B512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtUnmapViewOfSection + 6 774B53C6 4 Bytes [68, 33, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtUnmapViewOfSection + B 774B53CB 1 Byte [E2] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1680] kernel32.dll!SetUnhandledExceptionFilter 75B3A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!LdrLoadDll 77479358 5 Bytes JMP 001601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!LdrUnloadDll 7748B630 5 Bytes JMP 001603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtMapViewOfSection + 6 774B4916 4 Bytes [18, 20, 58, 6E] {SBB [EAX], AH; POP EAX; OUTS DX, BYTE [ESI]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtMapViewOfSection + B 774B491B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!LdrLoadDll 77479358 5 Bytes JMP 001C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!LdrUnloadDll 7748B630 5 Bytes JMP 001C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtCreateFile + 6 774B41C6 4 Bytes [28, 60, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtCreateFile + B 774B41CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtMapViewOfSection + 6 774B4916 4 Bytes [28, 63, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtMapViewOfSection + B 774B491B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenFile + 6 774B49A6 4 Bytes [68, 60, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenFile + B 774B49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenProcess + 6 774B4A26 4 Bytes [A8, 61, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenProcess + B 774B4A2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenProcessToken + B 774B4A3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenProcessTokenEx + 6 774B4A46 4 Bytes [A8, 62, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenProcessTokenEx + B 774B4A4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenThread + 6 774B4A96 4 Bytes [68, 61, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenThread + B 774B4A9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenThreadToken + 6 774B4AA6 4 Bytes [68, 62, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenThreadToken + B 774B4AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtOpenThreadTokenEx + B 774B4ABB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtQueryAttributesFile + 6 774B4B46 4 Bytes [A8, 60, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtQueryAttributesFile + B 774B4B4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtQueryFullAttributesFile + B 774B4BFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtSetInformationFile + 6 774B50D6 4 Bytes [28, 61, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtSetInformationFile + B 774B50DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtSetInformationThread + 6 774B5126 4 Bytes [28, 62, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtSetInformationThread + B 774B512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtUnmapViewOfSection + 6 774B53C6 4 Bytes [68, 63, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2368] ntdll.dll!NtUnmapViewOfSection + B 774B53CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!LdrLoadDll 77479358 5 Bytes JMP 006701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!LdrUnloadDll 7748B630 5 Bytes JMP 006703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtCreateFile + 6 774B41C6 4 Bytes [28, 84, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtCreateFile + B 774B41CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtMapViewOfSection + 6 774B4916 4 Bytes [28, 87, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtMapViewOfSection + B 774B491B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenFile + 6 774B49A6 4 Bytes [68, 84, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenFile + B 774B49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcess + 6 774B4A26 4 Bytes [A8, 85, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcess + B 774B4A2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessToken + B 774B4A3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessTokenEx + 6 774B4A46 4 Bytes [A8, 86, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessTokenEx + B 774B4A4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThread + 6 774B4A96 4 Bytes [68, 85, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThread + B 774B4A9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadToken + 6 774B4AA6 4 Bytes [68, 86, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadToken + B 774B4AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadTokenEx + B 774B4ABB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryAttributesFile + 6 774B4B46 4 Bytes [A8, 84, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryAttributesFile + B 774B4B4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryFullAttributesFile + B 774B4BFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationFile + 6 774B50D6 4 Bytes [28, 85, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationFile + B 774B50DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationThread + 6 774B5126 4 Bytes [28, 86, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationThread + B 774B512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtUnmapViewOfSection + 6 774B53C6 4 Bytes [68, 87, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtUnmapViewOfSection + B 774B53CB 1 Byte [E2] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3896] kernel32.dll!SetUnhandledExceptionFilter 75B3A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!LdrLoadDll 77479358 5 Bytes JMP 00D001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!LdrUnloadDll 7748B630 5 Bytes JMP 00D003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtCreateFile + 6 774B41C6 4 Bytes [28, 0C, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtCreateFile + B 774B41CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtMapViewOfSection + 6 774B4916 4 Bytes [28, 0F, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtMapViewOfSection + B 774B491B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenFile + 6 774B49A6 4 Bytes [68, 0C, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenFile + B 774B49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcess + 6 774B4A26 4 Bytes [A8, 0D, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcess + B 774B4A2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcessToken + B 774B4A3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcessTokenEx + 6 774B4A46 4 Bytes [A8, 0E, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcessTokenEx + B 774B4A4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThread + 6 774B4A96 4 Bytes [68, 0D, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThread + B 774B4A9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThreadToken + 6 774B4AA6 4 Bytes [68, 0E, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThreadToken + B 774B4AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThreadTokenEx + B 774B4ABB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtQueryAttributesFile + 6 774B4B46 4 Bytes [A8, 0C, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtQueryAttributesFile + B 774B4B4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtQueryFullAttributesFile + B 774B4BFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtSetInformationFile + 6 774B50D6 4 Bytes [28, 0D, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtSetInformationFile + B 774B50DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtSetInformationThread + 6 774B5126 4 Bytes [28, 0E, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtSetInformationThread + B 774B512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtUnmapViewOfSection + 6 774B53C6 4 Bytes [68, 0F, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtUnmapViewOfSection + B 774B53CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!LdrLoadDll 77479358 5 Bytes JMP 00CD01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!LdrUnloadDll 7748B630 5 Bytes JMP 00CD03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtCreateFile + 6 774B41C6 4 Bytes [28, 18, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtCreateFile + B 774B41CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtMapViewOfSection + 6 774B4916 4 Bytes [28, 1B, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtMapViewOfSection + B 774B491B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenFile + 6 774B49A6 4 Bytes [68, 18, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenFile + B 774B49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcess + 6 774B4A26 4 Bytes [A8, 19, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcess + B 774B4A2B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessToken + B 774B4A3B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessTokenEx + 6 774B4A46 4 Bytes [A8, 1A, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessTokenEx + B 774B4A4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThread + 6 774B4A96 4 Bytes [68, 19, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThread + B 774B4A9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadToken + 6 774B4AA6 4 Bytes [68, 1A, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadToken + B 774B4AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadTokenEx + B 774B4ABB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryAttributesFile + 6 774B4B46 4 Bytes [A8, 18, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryAttributesFile + B 774B4B4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryFullAttributesFile + B 774B4BFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationFile + 6 774B50D6 4 Bytes [28, 19, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationFile + B 774B50DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationThread + 6 774B5126 4 Bytes [28, 1A, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationThread + B 774B512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtUnmapViewOfSection + 6 774B53C6 4 Bytes [68, 1B, C8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtUnmapViewOfSection + B 774B53CB 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \Driver\tdx \Device\Tcp aswStmXP.sys AttachedDevice \Driver\tdx \Device\Tcp aswRdr.sys Device \Driver\tdx \Device\RawIp6 aswStmXP.sys Device \Driver\tdx \Device\Tcp6 aswStmXP.sys Device \Driver\tdx \Device\Tdx aswStmXP.sys Device \Driver\tdx \Device\Udp aswStmXP.sys Device \Driver\tdx \Device\RawIp aswStmXP.sys Device \Driver\tdx \Device\Udp6 aswStmXP.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----