GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-17 13:47:47 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 298,09GB Running: ubmfdb1t.exe; Driver: C:\Users\samsung\AppData\Local\Temp\pgeiqkob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x91D69AC4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x91E250BA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x91D6A5A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x91D7663C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x91D76688] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x91D76822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x91D765AA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x91E25494] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x91D765F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x91E25724] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x91E2580E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x91D767DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x91D6B390] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x91D69B2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x91D6EB86] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x91D69716] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x91E25574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x91D69B90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x91D6EF7C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x91D6BE78] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x91D76666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x91D766AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x91D76846] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x91D765D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x91D6E47E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x91D7675A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x91D7661A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x91D6E86A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x91D76800] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x91E25312] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x91D6BCEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x91D6B9FA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x91D69BF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x91D69C5C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x91E25670] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x91D697B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x91D69982] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x91D69910] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x91D6B55A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x91D6B6BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x91D69A0A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x91E253E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x91D6B1EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x91D69CC2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x91E25244] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1409 830869A5 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830A6512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 1393 830AD988 4 Bytes [C4, 9A, D6, 91] .text ntoskrnl.exe!KeRemoveQueueEx + 13BB 830AD9B0 4 Bytes [BA, 50, E2, 91] .text ntoskrnl.exe!KeRemoveQueueEx + 141B 830ADA10 4 Bytes [A2, A5, D6, 91] .text ntoskrnl.exe!KeRemoveQueueEx + 146F 830ADA64 8 Bytes [3C, 66, D7, 91, 88, 66, D7, ...] {CMP AL, 0x66; XLAT BYTE [EBX+AL]; XCHG ECX, EAX; MOV [ESI-0x29], AH; XCHG ECX, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 147B 830ADA70 4 Bytes [22, 68, D7, 91] {AND CH, [EAX-0x29]; XCHG ECX, EAX} .text ... PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 832611B1 4 Bytes CALL 91D6C55F \SystemRoot\system32\drivers\aswSnx.sys PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 8329DEED 4 Bytes CALL 91D6C575 \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8BAEC774] ? \Program Files\Alcohol Soft\Alcohol 120\Alcoholx.dll Nie można odnaleźć określonego pliku. ! ? \Program Files\DAEMON Tools Lite\Engine.dll System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtCreateFile + 6 7703560E 4 Bytes [28, 78, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtCreateFile + B 77035613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtMapViewOfSection + 6 77035C6E 4 Bytes [28, 7B, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtMapViewOfSection + B 77035C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenFile + 6 77035D1E 4 Bytes [68, 78, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenFile + B 77035D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcess + 6 77035DCE 4 Bytes [A8, 79, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcess + B 77035DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcessToken + B 77035DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcessTokenEx + 6 77035DEE 4 Bytes [A8, 7A, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcessTokenEx + B 77035DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThread + 6 77035E4E 4 Bytes [68, 79, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThread + B 77035E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThreadToken + 6 77035E5E 4 Bytes [68, 7A, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThreadToken + B 77035E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThreadTokenEx + B 77035E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtQueryAttributesFile + 6 77035F7E 4 Bytes [A8, 78, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtQueryAttributesFile + B 77035F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtQueryFullAttributesFile + B 77036033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationFile + 6 7703667E 4 Bytes [28, 79, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationFile + B 77036683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationThread + 6 770366DE 4 Bytes [28, 7A, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationThread + B 770366E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtUnmapViewOfSection + 6 770369FE 4 Bytes [68, 7B, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtUnmapViewOfSection + B 77036A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!LdrUnloadDll 7704C8DE 5 Bytes JMP 007303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!LdrLoadDll 770522AE 5 Bytes JMP 007301F8 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1376] kernel32.dll!SetUnhandledExceptionFilter 7550F4FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + 6 7703560E 4 Bytes [28, 40, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + B 77035613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + 6 77035C6E 4 Bytes [28, 43, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + B 77035C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + 6 77035D1E 4 Bytes [68, 40, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + B 77035D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + 6 77035DCE 4 Bytes [A8, 41, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + B 77035DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + B 77035DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + 6 77035DEE 4 Bytes [A8, 42, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + B 77035DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + 6 77035E4E 4 Bytes [68, 41, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + B 77035E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + 6 77035E5E 4 Bytes [68, 42, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + B 77035E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + B 77035E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + 6 77035F7E 4 Bytes [A8, 40, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + B 77035F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + B 77036033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + 6 7703667E 4 Bytes [28, 41, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + B 77036683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + 6 770366DE 4 Bytes [28, 42, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + B 770366E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + 6 770369FE 4 Bytes [68, 43, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + B 77036A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!LdrUnloadDll 7704C8DE 5 Bytes JMP 00F503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!LdrLoadDll 770522AE 5 Bytes JMP 00F501F8 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3920] kernel32.dll!SetUnhandledExceptionFilter 7550F4FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtCreateFile + 6 7703560E 4 Bytes [28, 34, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtCreateFile + B 77035613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + 6 77035C6E 4 Bytes [28, 37, 1B, 00] {SUB [EDI], DH; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + B 77035C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenFile + 6 77035D1E 4 Bytes [68, 34, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenFile + B 77035D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcess + 6 77035DCE 4 Bytes [A8, 35, 1B, 00] {TEST AL, 0x35; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcess + B 77035DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessToken + B 77035DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessTokenEx + 6 77035DEE 4 Bytes [A8, 36, 1B, 00] {TEST AL, 0x36; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessTokenEx + B 77035DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThread + 6 77035E4E 4 Bytes [68, 35, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThread + B 77035E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadToken + 6 77035E5E 4 Bytes [68, 36, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadToken + B 77035E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadTokenEx + B 77035E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryAttributesFile + 6 77035F7E 4 Bytes [A8, 34, 1B, 00] {TEST AL, 0x34; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryAttributesFile + B 77035F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryFullAttributesFile + B 77036033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationFile + 6 7703667E 4 Bytes [28, 35, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationFile + B 77036683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationThread + 6 770366DE 4 Bytes [28, 36, 1B, 00] {SUB [ESI], DH; SBB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationThread + B 770366E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + 6 770369FE 4 Bytes [68, 37, 1B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + B 77036A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!LdrUnloadDll 7704C8DE 5 Bytes JMP 003803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!LdrLoadDll 770522AE 5 Bytes JMP 003801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtCreateFile + 6 7703560E 4 Bytes [28, 34, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtCreateFile + B 77035613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtMapViewOfSection + 6 77035C6E 4 Bytes [28, 37, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtMapViewOfSection + B 77035C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenFile + 6 77035D1E 4 Bytes [68, 34, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenFile + B 77035D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcess + 6 77035DCE 4 Bytes [A8, 35, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcess + B 77035DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcessToken + B 77035DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcessTokenEx + 6 77035DEE 4 Bytes [A8, 36, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcessTokenEx + B 77035DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThread + 6 77035E4E 4 Bytes [68, 35, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThread + B 77035E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThreadToken + 6 77035E5E 4 Bytes [68, 36, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThreadToken + B 77035E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThreadTokenEx + B 77035E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtQueryAttributesFile + 6 77035F7E 4 Bytes [A8, 34, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtQueryAttributesFile + B 77035F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtQueryFullAttributesFile + B 77036033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationFile + 6 7703667E 4 Bytes [28, 35, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationFile + B 77036683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationThread + 6 770366DE 4 Bytes [28, 36, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationThread + B 770366E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtUnmapViewOfSection + 6 770369FE 4 Bytes [68, 37, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtUnmapViewOfSection + B 77036A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!LdrUnloadDll 7704C8DE 5 Bytes JMP 00BE03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!LdrLoadDll 770522AE 5 Bytes JMP 00BE01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtCreateFile + 6 7703560E 4 Bytes [28, 0C, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtCreateFile + B 77035613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtMapViewOfSection + 6 77035C6E 4 Bytes [28, 0F, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtMapViewOfSection + B 77035C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenFile + 6 77035D1E 4 Bytes [68, 0C, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenFile + B 77035D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcess + 6 77035DCE 4 Bytes [A8, 0D, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcess + B 77035DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessToken + B 77035DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessTokenEx + 6 77035DEE 4 Bytes [A8, 0E, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessTokenEx + B 77035DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThread + 6 77035E4E 4 Bytes [68, 0D, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThread + B 77035E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadToken + 6 77035E5E 4 Bytes [68, 0E, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadToken + B 77035E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadTokenEx + B 77035E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryAttributesFile + 6 77035F7E 4 Bytes [A8, 0C, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryAttributesFile + B 77035F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryFullAttributesFile + B 77036033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationFile + 6 7703667E 4 Bytes [28, 0D, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationFile + B 77036683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationThread + 6 770366DE 4 Bytes [28, 0E, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationThread + B 770366E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtUnmapViewOfSection + 6 770369FE 4 Bytes [68, 0F, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtUnmapViewOfSection + B 77036A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!LdrUnloadDll 7704C8DE 5 Bytes JMP 00FB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!LdrLoadDll 770522AE 5 Bytes JMP 00FB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtCreateFile + 6 7703560E 4 Bytes [28, C8, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtCreateFile + B 77035613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + 6 77035C6E 4 Bytes [28, CB, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + B 77035C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenFile + 6 77035D1E 4 Bytes [68, C8, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenFile + B 77035D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcess + 6 77035DCE 4 Bytes [A8, C9, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcess + B 77035DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessToken + B 77035DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessTokenEx + 6 77035DEE 4 Bytes [A8, CA, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessTokenEx + B 77035DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThread + 6 77035E4E 4 Bytes [68, C9, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThread + B 77035E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadToken + 6 77035E5E 4 Bytes [68, CA, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadToken + B 77035E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadTokenEx + B 77035E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryAttributesFile + 6 77035F7E 4 Bytes [A8, C8, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryAttributesFile + B 77035F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryFullAttributesFile + B 77036033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationFile + 6 7703667E 4 Bytes [28, C9, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationFile + B 77036683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationThread + 6 770366DE 4 Bytes [28, CA, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationThread + B 770366E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + 6 770369FE 4 Bytes [68, CB, 44, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + B 77036A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!LdrUnloadDll 7704C8DE 5 Bytes JMP 005103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!LdrLoadDll 770522AE 5 Bytes JMP 005101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5428] ntdll.dll!NtMapViewOfSection + 6 77035C6E 4 Bytes [18, 20, 3B, 5F] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5428] ntdll.dll!NtMapViewOfSection + B 77035C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5428] ntdll.dll!LdrUnloadDll 7704C8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5428] ntdll.dll!LdrLoadDll 770522AE 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtCreateFile + 6 7703560E 4 Bytes [28, F4, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtCreateFile + B 77035613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtMapViewOfSection + 6 77035C6E 4 Bytes [28, F7, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtMapViewOfSection + B 77035C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenFile + 6 77035D1E 4 Bytes [68, F4, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenFile + B 77035D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcess + 6 77035DCE 4 Bytes [A8, F5, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcess + B 77035DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessToken + B 77035DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessTokenEx + 6 77035DEE 4 Bytes [A8, F6, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessTokenEx + B 77035DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThread + 6 77035E4E 4 Bytes [68, F5, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThread + B 77035E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadToken + 6 77035E5E 4 Bytes [68, F6, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadToken + B 77035E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadTokenEx + B 77035E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryAttributesFile + 6 77035F7E 4 Bytes [A8, F4, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryAttributesFile + B 77035F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryFullAttributesFile + B 77036033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationFile + 6 7703667E 4 Bytes [28, F5, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationFile + B 77036683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationThread + 6 770366DE 4 Bytes [28, F6, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationThread + B 770366E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtUnmapViewOfSection + 6 770369FE 4 Bytes [68, F7, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtUnmapViewOfSection + B 77036A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!LdrUnloadDll 7704C8DE 5 Bytes JMP 00E603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!LdrLoadDll 770522AE 5 Bytes JMP 00E601F8 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C52437] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C35600] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C356BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C524B2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C48514] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C44CC8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C4506F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C45144] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73C46671] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C4826B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C487BA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C4901B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C4E1BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\windows\Explorer.EXE[1592] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C44BFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 856371F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\usbuhci \Device\USBPDO-0 872041F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{D1372817-ECF4-4034-B01C-058724DE1A3E} 8712D1F8 Device \Driver\usbuhci \Device\USBPDO-1 872041F8 Device \Driver\usbuhci \Device\USBPDO-2 872041F8 Device \Driver\usbuhci \Device\USBPDO-4 872041F8 Device \Driver\usbuhci \Device\USBPDO-5 872041F8 Device \Driver\usbuhci \Device\USBPDO-6 872041F8 Device \Driver\usbehci \Device\USBPDO-7 85F6A440 Device \Driver\cdrom \Device\CdRom0 86FA11F8 Device \Driver\iaStor \Device\Ide\iaStor0 [8BCDC650] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BCDC650] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8BCDC650] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 8712D1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{BE3EBF3D-D15F-495E-A7B4-E41420A1B22D} 8712D1F8 Device \Driver\usbuhci \Device\USBFDO-0 872041F8 Device \Driver\usbuhci \Device\USBFDO-1 872041F8 Device \Driver\usbuhci \Device\USBFDO-2 872041F8 Device \Driver\usbehci \Device\USBFDO-3 85F6A440 Device \Driver\NetBT \Device\NetBT_Tcpip_{53B12E2F-C6FA-45C4-92DD-8F2FF38D1B8E} 8712D1F8 Device \Driver\usbuhci \Device\USBFDO-4 872041F8 Device \Driver\usbuhci \Device\USBFDO-5 872041F8 Device \Driver\usbuhci \Device\USBFDO-6 872041F8 Device \Driver\usbehci \Device\USBFDO-7 85F6A440 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x10 0x98 0x01 0xA0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0xED 0x28 0x8F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCF 0xA7 0x63 0x01 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2D 0x4B 0xF9 0xBF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBD 0x84 0xFE 0xDA ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8E 0x57 0xA7 0xF7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9B 0x55 0x1A 0xC5 ... Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{365F9E6E-77F1-11DF-8EB6-806E6F6E6963} 2927073864 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009fb 0 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a0f 0 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a23 0 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a37 0 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a4b 0 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a5f 216108 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a73 621963 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009e7 0 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009d3 0 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a74 118067 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a75 674002 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a76 251402 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a77 631057 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a78 126745 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a79 279016 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a7a 253398 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a7b 252945 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a7d 8518016 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a7e 343352 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a7f 266854 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a80 241408 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a81 298167 bytes File C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a82 299425 bytes ---- EOF - GMER 2.1 ----