GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-25 06:29:29 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 Running: u26f9fr5.exe; Driver: C:\Users\Laptok\AppData\Local\Temp\awrdapob.sys ---- System - GMER 1.0.15 ---- Code 91248BFC ZwTraceEvent Code 91248BFB NtTraceEvent ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!NtTraceEvent 82E78E24 5 Bytes JMP 91248C00 .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E895C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAE052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 830BB0A5 5 Bytes JMP 91248DE0 PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 830BCACD 5 Bytes JMP 91248D40 PAGE ntkrnlpa.exe!NtRequestPort + 2 830D0D33 5 Bytes JMP 91248CA0 .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91A20000, 0x3DBAA0, 0xE8000020] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9ACFE000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9ACFE123 629 Bytes [95, CF, 9A, FE, 05, 34, 95, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 9ACFE399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F 9ACFE3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B 9ACFE4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtCreateFile + 6 779E4A16 4 Bytes [28, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtCreateFile + B 779E4A1B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtMapViewOfSection + 6 779E5076 1 Byte [28] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtMapViewOfSection + 6 779E5076 4 Bytes [28, 03, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtMapViewOfSection + B 779E507B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenFile + 6 779E5126 4 Bytes [68, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenFile + B 779E512B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcess + 6 779E51D6 4 Bytes [A8, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcess + B 779E51DB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessToken + B 779E51EB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessTokenEx + 6 779E51F6 4 Bytes [A8, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessTokenEx + B 779E51FB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThread + 6 779E5256 4 Bytes [68, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThread + B 779E525B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadToken + 6 779E5266 4 Bytes [68, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadToken + B 779E526B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadTokenEx + B 779E527B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryAttributesFile + 6 779E5386 4 Bytes [A8, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryAttributesFile + B 779E538B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryFullAttributesFile + B 779E543B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationFile + 6 779E5A86 4 Bytes [28, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationFile + B 779E5A8B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationThread + 6 779E5AE6 4 Bytes [28, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationThread + B 779E5AEB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtUnmapViewOfSection + 6 779E5E06 1 Byte [68] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtUnmapViewOfSection + 6 779E5E06 4 Bytes [68, 03, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtUnmapViewOfSection + B 779E5E0B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtCreateFile + 6 779E4A16 4 Bytes [28, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtCreateFile + B 779E4A1B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtMapViewOfSection + 6 779E5076 1 Byte [28] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtMapViewOfSection + 6 779E5076 4 Bytes [28, 03, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtMapViewOfSection + B 779E507B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenFile + 6 779E5126 4 Bytes [68, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenFile + B 779E512B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcess + 6 779E51D6 4 Bytes [A8, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcess + B 779E51DB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcessToken + B 779E51EB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcessTokenEx + 6 779E51F6 4 Bytes [A8, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenProcessTokenEx + B 779E51FB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThread + 6 779E5256 4 Bytes [68, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThread + B 779E525B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThreadToken + 6 779E5266 4 Bytes [68, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThreadToken + B 779E526B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtOpenThreadTokenEx + B 779E527B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtQueryAttributesFile + 6 779E5386 4 Bytes [A8, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtQueryAttributesFile + B 779E538B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtQueryFullAttributesFile + B 779E543B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtSetInformationFile + 6 779E5A86 4 Bytes [28, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtSetInformationFile + B 779E5A8B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtSetInformationThread + 6 779E5AE6 4 Bytes [28, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtSetInformationThread + B 779E5AEB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtUnmapViewOfSection + 6 779E5E06 1 Byte [68] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtUnmapViewOfSection + 6 779E5E06 4 Bytes [68, 03, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3008] ntdll.dll!NtUnmapViewOfSection + B 779E5E0B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtCreateFile + 6 779E4A16 4 Bytes [28, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtCreateFile + B 779E4A1B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtMapViewOfSection + 6 779E5076 1 Byte [28] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtMapViewOfSection + 6 779E5076 4 Bytes [28, 03, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtMapViewOfSection + B 779E507B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenFile + 6 779E5126 4 Bytes [68, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenFile + B 779E512B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcess + 6 779E51D6 4 Bytes [A8, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcess + B 779E51DB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessToken + B 779E51EB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessTokenEx + 6 779E51F6 4 Bytes [A8, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessTokenEx + B 779E51FB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThread + 6 779E5256 4 Bytes [68, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThread + B 779E525B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadToken + 6 779E5266 4 Bytes [68, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadToken + B 779E526B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadTokenEx + B 779E527B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryAttributesFile + 6 779E5386 4 Bytes [A8, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryAttributesFile + B 779E538B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryFullAttributesFile + B 779E543B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationFile + 6 779E5A86 4 Bytes [28, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationFile + B 779E5A8B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationThread + 6 779E5AE6 4 Bytes [28, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationThread + B 779E5AEB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtUnmapViewOfSection + 6 779E5E06 1 Byte [68] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtUnmapViewOfSection + 6 779E5E06 4 Bytes [68, 03, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtUnmapViewOfSection + B 779E5E0B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtCreateFile + 6 779E4A16 4 Bytes [28, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtCreateFile + B 779E4A1B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + 6 779E5076 1 Byte [28] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + 6 779E5076 4 Bytes [28, 03, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + B 779E507B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenFile + 6 779E5126 4 Bytes [68, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenFile + B 779E512B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcess + 6 779E51D6 4 Bytes [A8, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcess + B 779E51DB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessToken + B 779E51EB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessTokenEx + 6 779E51F6 4 Bytes [A8, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessTokenEx + B 779E51FB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThread + 6 779E5256 4 Bytes [68, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThread + B 779E525B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadToken + 6 779E5266 4 Bytes [68, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadToken + B 779E526B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadTokenEx + B 779E527B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryAttributesFile + 6 779E5386 4 Bytes [A8, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryAttributesFile + B 779E538B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryFullAttributesFile + B 779E543B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationFile + 6 779E5A86 4 Bytes [28, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationFile + B 779E5A8B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationThread + 6 779E5AE6 4 Bytes [28, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationThread + B 779E5AEB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + 6 779E5E06 1 Byte [68] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + 6 779E5E06 4 Bytes [68, 03, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + B 779E5E0B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtCreateFile + 6 779E4A16 4 Bytes [28, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtCreateFile + B 779E4A1B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtMapViewOfSection + 6 779E5076 1 Byte [28] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtMapViewOfSection + 6 779E5076 4 Bytes [28, 03, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtMapViewOfSection + B 779E507B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenFile + 6 779E5126 4 Bytes [68, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenFile + B 779E512B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcess + 6 779E51D6 4 Bytes [A8, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcess + B 779E51DB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessToken + B 779E51EB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessTokenEx + 6 779E51F6 4 Bytes [A8, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessTokenEx + B 779E51FB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThread + 6 779E5256 4 Bytes [68, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThread + B 779E525B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadToken + 6 779E5266 4 Bytes [68, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadToken + B 779E526B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadTokenEx + B 779E527B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryAttributesFile + 6 779E5386 4 Bytes [A8, 00, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryAttributesFile + B 779E538B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryFullAttributesFile + B 779E543B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationFile + 6 779E5A86 4 Bytes [28, 01, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationFile + B 779E5A8B 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationThread + 6 779E5AE6 4 Bytes [28, 02, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationThread + B 779E5AEB 1 Byte [E2] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtUnmapViewOfSection + 6 779E5E06 1 Byte [68] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtUnmapViewOfSection + 6 779E5E06 4 Bytes [68, 03, 07, 00] .text C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtUnmapViewOfSection + B 779E5E0B 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\rundll32.exe[3488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75525E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[3488] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75525E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[3488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75525E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[3488] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75525E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[3488] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75525E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[3488] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75525E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDC 0xAE 0x31 0xD2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2A 0xA9 0x4E 0x45 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x7E 0x5F 0xAC ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x12 0xB0 0x69 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDC 0xAE 0x31 0xD2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2A 0xA9 0x4E 0x45 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x7E 0x5F 0xAC ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x12 0xB0 0x69 ... ---- EOF - GMER 1.0.15 ----