GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-02-04 10:26:59 Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600AVJB-63SZA0 rev.00.07H00 149,05GB Running: hd83p39h.exe; Driver: C:\DOCUME~1\Dom\USTAWI~1\Temp\kwtdapod.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xF2FD467A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xF324BAE2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xF2FD5158] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xF301BD3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xF2FE18F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xF2FE1942] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xF2FE1ADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xF301B6F0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xF2FE1864] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xF2FE1986] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xF2FE18AC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xF2FD568E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xF2FE1A96] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xF2FD5DC0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xF2FD46E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xF301C402] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xF301C6B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xF2FD9252] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xF301C26D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xF301C0D8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xF324BBBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwGetContextThread [0xF2FD6652] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xF2FD42CC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xF324BF9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xF2FD4746] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xF2FD9648] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xF2FD6BE4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xF2FE1920] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xF2FE1964] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xF2FE1B00] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xF301BA4C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xF2FE188A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xF2FD8B2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xF2FE1A14] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xF2FE18D4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xF2FD8F20] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xF2FE1ABA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xF324BD3A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xF301BF53] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xF2FD69FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xF301BDA5] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xF2FD63EA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xF3259F10] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xF325A8DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xF301AD33] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeProcess [0xF2FD5F8A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeThread [0xF2FD6196] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xF2FD47AC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xF2FD4812] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xF2FD677C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xF2FD4366] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xF2FD4538] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xF301C509] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xF2FD44C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xF2FD6090] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xF2FD62C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xF2FD45C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xF2FD5BFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xF2FD5DA0] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xF3248D7A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xF2FD4878] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xF2FD51B4] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 25FC 80501300 4 Bytes [EA, 63, FD, F2] .text ntkrnlpa.exe!ZwCallbackReturn + 265C 80501360 12 Bytes [33, AD, 01, F3, 8A, 5F, FD, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2678 8050137C 12 Bytes [AC, 47, FD, F2, 12, 48, FD, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 12 Bytes [90, 60, FD, F2, C0, 62, FD, ...] {NOP ; PUSHA ; STD ; SHL BYTE [EDX-0x3], 0xf2; ROL BYTE [EBP-0x3], 0xf2} .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5CCB3C0, 0x843B7A, 0xE8000020] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, D0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, D3, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, D0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, D1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B91346C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, D2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, D1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, D2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B913500 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, D0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B91368D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, D1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, D2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, D3, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 2C1701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 2C1703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, AC, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, AF, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, AC, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, AD, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B912D48 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, AE, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, AD, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, AE, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B912DDC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, AC, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B912F69 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, AD, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, AE, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, AF, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 57DA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 57DA03FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!SetUnhandledExceptionFilter 7C810386 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1940] kernel32.dll!SetUnhandledExceptionFilter 7C810386 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, B0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, B3, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, B0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, B1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B91344C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, B2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, B1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, B2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B9134E0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, B0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B91366D .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, B1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, B2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, B3, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 5D2901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 5D2903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [18, F0, C3, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 424B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 424B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] CRYPT32.dll!CryptVerifyCertificateSignatureEx 77A86FB4 5 Bytes JMP 02C45ADB C:\Program Files\Google\Chrome\Application\49.0.2623.112\chrome.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2796] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 49FD01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2796] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 49FD03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, DC, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, DF, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, DC, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, DD, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B91D278 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, DE, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, DD, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, DE, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B91D30C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, DC, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B91D499 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, DD, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, DE, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, DF, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 670801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3068] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 670803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 68, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 6B, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 68, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 69, 1C, 00] {TEST AL, 0x69; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90FA04 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 6A, 1C, 00] {TEST AL, 0x6a; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 69, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 6A, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90FA98 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 68, 1C, 00] {TEST AL, 0x68; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90FC25 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 69, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 6A, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 6B, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 136701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 136703FC ---- Devices - GMER 2.2 ---- Device \Driver\Tcpip \Device\Ip aswStmXP.sys Device \Driver\Tcpip \Device\Tcp aswStmXP.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys Device \Driver\Tcpip \Device\Udp aswStmXP.sys Device \Driver\Tcpip \Device\RawIp aswStmXP.sys Device \Driver\Tcpip \Device\IPMULTICAST aswStmXP.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Registry - GMER 2.2 ---- Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell@WinPos1152x864(1).left 176 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell@WinPos1152x864(1).top 176 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell@WinPos1152x864(1).right 976 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell@WinPos1152x864(1).bottom 776 ---- EOF - GMER 2.2 ----