GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-05-01 13:46:52
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543225L9A300 rev.FBEOC4CC 232,89GB
Running: m6kexhhp.exe; Driver: C:\DOCUME~1\WYCHOW~1\USTAWI~1\Temp\afniyaoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xB4BCC000]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0xB4BCC1A0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0xB4BCC300]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0xB4BCC090]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0xB4BCC200]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0xB4BCBF50]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0xB4BCBFB0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0xB4BCC060]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwQueueApcThread [0xB4BCC0C0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwReplaceKey [0xB4BCC3E0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwRestoreKey [0xB4BCC3C0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0xB4BCC040]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0xB4BCC020]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0xB4BCC0E0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0xB4BCC1E0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0xB4BCBF80]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0xB4BCBFC0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0xB4BCC1C0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateProcess [0xB4BCBF60]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0xB4BCBFE0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0xB4BCC0A0]

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4C14 12 Bytes [80, BF, BC, B4, C0, BF, BC, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB94F6380, 0x38BEBD, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A18A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A1FB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A329
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, CB, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[404] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[804] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F0, 1C, 00] {SUB AL, DH; SBB AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F3, 1C, 00] {SUB BL, DH; SBB AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F0, 1C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F1, 1C, 00] {TEST AL, 0xf1; SBB AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F30A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F2, 1C, 00] {TEST AL, 0xf2; SBB AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F1, 1C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F2, 1C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F37B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F0, 1C, 00] {TEST AL, 0xf0; SBB AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F4A9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F1, 1C, 00] {SUB CL, DH; SBB AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F2, 1C, 00] {SUB DL, DH; SBB AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F3, 1C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A0, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A3, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A0, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A1, 30, 00] {TEST AL, 0xa1; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9106BA
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A2, 30, 00] {TEST AL, 0xa2; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A1, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A2, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91072B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A0, 30, 00] {TEST AL, 0xa0; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910859
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A1, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A2, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A3, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 24, 20, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 27, 20, 00] {SUB [EDI], AH; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 24, 20, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 25, 20, 00] {TEST AL, 0x25; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F63E
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 26, 20, 00] {TEST AL, 0x26; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 25, 20, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 26, 20, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F6AF
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 24, 20, 00] {TEST AL, 0x24; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F7DD
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 25, 20, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 26, 20, 00] {SUB [ESI], AH; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 27, 20, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 50, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 53, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 50, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 51, D4, 00] {TEST AL, 0x51; AAM 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AA6A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 52, D4, 00] {TEST AL, 0x52; AAM 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 51, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 52, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AADB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 50, D4, 00] {TEST AL, 0x50; AAM 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AC09
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 51, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 52, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 53, D4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2588] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 98, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9B, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 98, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 99, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9125B2
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9A, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 99, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9A, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912623
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 98, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912751
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 99, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9A, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9B, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, F0, C3, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 44, 16, 00] {SUB [ESI+EDX+0x0], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 47, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 44, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 45, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC5E
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 46, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 45, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 46, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ECCF
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 44, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDFD
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 45, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 46, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 47, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device Ntfs.sys
Device Fastfat.SYS
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
Device mrxsmb.sys
AttachedDevice fltMgr.sys

---- EOF - GMER 2.1 ----