GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-30 11:21:12
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MQ01ABF050 rev.AM002C 465,76GB
Running: 9kt21opy.exe; Driver: C:\Users\Martyna\AppData\Local\Temp\fxldrpow.sys

---- System - GMER 2.1 ----

SSDT 86C04930 ZwAlertResumeThread
SSDT 86C049C8 ZwAlertThread
SSDT 86C03430 ZwAllocateVirtualMemory
SSDT 862C1208 ZwAlpcConnectPort
SSDT 86C043A8 ZwAssignProcessToJobObject
SSDT 86C04758 ZwCreateMutant
SSDT 86C041A0 ZwCreateSymbolicLinkObject
SSDT 86C03708 ZwCreateThread
SSDT 86C04248 ZwCreateThreadEx
SSDT 86C04440 ZwDebugActiveProcess
SSDT 86C03570 ZwDuplicateObject
SSDT 86C04EB8 ZwFreeVirtualMemory
SSDT 86C04800 ZwImpersonateAnonymousToken
SSDT 86C04898 ZwImpersonateThread
SSDT 866AC430 ZwLoadDriver
SSDT 86C04E00 ZwMapViewOfSection
SSDT 86C046C0 ZwOpenEvent
SSDT 86C03680 ZwOpenProcess
SSDT 86C034D8 ZwOpenProcessToken
SSDT 86C04590 ZwOpenSection
SSDT 86C035F8 ZwOpenThread
SSDT 86C04300 ZwProtectVirtualMemory
SSDT 86C040F8 ZwQueueApcThread
SSDT 86C04050 ZwQueueApcThreadEx
SSDT 86C05FC0 ZwReadVirtualMemory
SSDT 86C04A60 ZwResumeThread
SSDT 86C04C28 ZwSetContextThread
SSDT 86C04CC0 ZwSetInformationProcess
SSDT 86C044D8 ZwSetSystemInformation
SSDT 86C04628 ZwSuspendProcess
SSDT 86C04AF8 ZwSuspendThread
SSDT 86C01428 ZwTerminateProcess
SSDT 86C04B90 ZwTerminateThread
SSDT 86C04D68 ZwUnmapViewOfSection
SSDT 86C04F60 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E55569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7A092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82E81834 8 Bytes [30, 49, C0, 86, C8, 49, C0, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82E8184C 4 Bytes [30, 34, C0, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82E81858 4 Bytes [08, 12, 2C, 86] {OR [EDX], DL; SUB AL, 0x86}
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82E818AC 4 Bytes [A8, 43, C0, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82E81928 4 Bytes [58, 47, C0, 86]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9C406000, 0x17E53A, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe[2480] ntdll.dll!NtTerminateThread 77525D20 5 Bytes JMP 00020050
.text C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe[2480] USER32.dll!ChangeWindowMessageFilterEx + F 75C024D7 7 Bytes JMP 00300A12
.text C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe[2480] USER32.dll!RecordShutdownReason + 372 75C406C2 7 Bytes JMP 00300930
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtMapViewOfSection + 6 77525076 4 Bytes [18, 20, CF, 6D] {SBB [EAX], AH; IRET ; INS DWORD [ES:EDI], DX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtMapViewOfSection + B 7752507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtCreateFile + 6 77524A16 4 Bytes [28, 4C, 9A, 00] {SUB [EDX+EBX*4+0x0], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtCreateFile + B 77524A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtMapViewOfSection + 6 77525076 4 Bytes [28, 4F, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtMapViewOfSection + B 7752507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenFile + 6 77525126 4 Bytes [68, 4C, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenFile + B 7752512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcess + 6 775251D6 4 Bytes [A8, 4D, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcess + B 775251DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessToken + 6 775251E6 4 Bytes CALL 7652EC38 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessToken + B 775251EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessTokenEx + 6 775251F6 4 Bytes [A8, 4E, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessTokenEx + B 775251FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThread + 6 77525256 4 Bytes [68, 4D, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThread + B 7752525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadToken + 6 77525266 4 Bytes [68, 4E, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadToken + B 7752526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadTokenEx + 6 77525276 4 Bytes CALL 7652ECC9 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadTokenEx + B 7752527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryAttributesFile + 6 77525386 4 Bytes [A8, 4C, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryAttributesFile + B 7752538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryFullAttributesFile + 6 77525436 4 Bytes CALL 7652EE87 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryFullAttributesFile + B 7752543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationFile + 6 77525A86 4 Bytes [28, 4D, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationFile + B 77525A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationThread + 6 77525AE6 4 Bytes [28, 4E, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationThread + B 77525AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtUnmapViewOfSection + 6 77525E06 4 Bytes [68, 4F, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtUnmapViewOfSection + B 77525E0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtCreateFile + 6 77524A16 4 Bytes [28, C0, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtCreateFile + B 77524A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtMapViewOfSection + 6 77525076 4 Bytes [28, C3, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtMapViewOfSection + B 7752507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenFile + 6 77525126 4 Bytes [68, C0, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenFile + B 7752512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcess + 6 775251D6 4 Bytes [A8, C1, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcess + B 775251DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessToken + 6 775251E6 4 Bytes CALL 765297AC C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessToken + B 775251EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessTokenEx + 6 775251F6 4 Bytes [A8, C2, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessTokenEx + B 775251FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThread + 6 77525256 4 Bytes [68, C1, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThread + B 7752525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadToken + 6 77525266 4 Bytes [68, C2, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadToken + B 7752526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadTokenEx + 6 77525276 4 Bytes CALL 7652983D C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadTokenEx + B 7752527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryAttributesFile + 6 77525386 4 Bytes [A8, C0, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryAttributesFile + B 7752538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryFullAttributesFile + 6 77525436 4 Bytes CALL 765299FB C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryFullAttributesFile + B 7752543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationFile + 6 77525A86 4 Bytes [28, C1, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationFile + B 77525A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationThread + 6 77525AE6 4 Bytes [28, C2, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationThread + B 77525AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtUnmapViewOfSection + 6 77525E06 4 Bytes [68, C3, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtUnmapViewOfSection + B 77525E0B 1 Byte [E2]
.text C:\Users\Martyna\Downloads\FRST.exe[4060] ntdll.dll!NtTerminateThread 77525D20 5 Bytes JMP 00020050
.text C:\Users\Martyna\Downloads\FRST.exe[4060] USER32.dll!ChangeWindowMessageFilterEx + F 75C024D7 7 Bytes JMP 00110BD6
.text C:\Users\Martyna\Downloads\FRST.exe[4060] USER32.dll!RecordShutdownReason + 372 75C406C2 7 Bytes JMP 00110AF4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtCreateFile + 6 77524A16 4 Bytes [28, 44, B7, 00] {SUB [EDI+ESI*4+0x0], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtCreateFile + B 77524A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtMapViewOfSection + 6 77525076 4 Bytes [28, 47, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtMapViewOfSection + B 7752507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenFile + 6 77525126 4 Bytes [68, 44, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenFile + B 7752512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcess + 6 775251D6 4 Bytes [A8, 45, B7, 00] {TEST AL, 0x45; MOV BH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcess + B 775251DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcessToken + B 775251EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcessTokenEx + 6 775251F6 4 Bytes [A8, 46, B7, 00] {TEST AL, 0x46; MOV BH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenProcessTokenEx + B 775251FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThread + 6 77525256 4 Bytes [68, 45, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThread + B 7752525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThreadToken + 6 77525266 4 Bytes [68, 46, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThreadToken + B 7752526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtOpenThreadTokenEx + B 7752527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtQueryAttributesFile + 6 77525386 4 Bytes [A8, 44, B7, 00] {TEST AL, 0x44; MOV BH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtQueryAttributesFile + B 7752538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtQueryFullAttributesFile + B 7752543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtSetInformationFile + 6 77525A86 4 Bytes [28, 45, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtSetInformationFile + B 77525A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtSetInformationThread + 6 77525AE6 4 Bytes [28, 46, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtSetInformationThread + B 77525AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtUnmapViewOfSection + 6 77525E06 4 Bytes [68, 47, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4100] ntdll.dll!NtUnmapViewOfSection + B 77525E0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtCreateFile + 6 77524A16 4 Bytes [28, 3C, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtCreateFile + B 77524A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtMapViewOfSection + 6 77525076 4 Bytes [28, 3F, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtMapViewOfSection + B 7752507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenFile + 6 77525126 4 Bytes [68, 3C, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenFile + B 7752512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcess + 6 775251D6 4 Bytes [A8, 3D, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcess + B 775251DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcessToken + 6 775251E6 4 Bytes CALL 7652F128 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcessToken + B 775251EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcessTokenEx + 6 775251F6 4 Bytes [A8, 3E, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcessTokenEx + B 775251FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThread + 6 77525256 4 Bytes [68, 3D, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThread + B 7752525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThreadToken + 6 77525266 4 Bytes [68, 3E, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThreadToken + B 7752526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThreadTokenEx + 6 77525276 4 Bytes CALL 7652F1B9 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThreadTokenEx + B 7752527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtQueryAttributesFile + 6 77525386 4 Bytes [A8, 3C, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtQueryAttributesFile + B 7752538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtQueryFullAttributesFile + 6 77525436 4 Bytes CALL 7652F377 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtQueryFullAttributesFile + B 7752543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtSetInformationFile + 6 77525A86 4 Bytes [28, 3D, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtSetInformationFile + B 77525A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtSetInformationThread + 6 77525AE6 4 Bytes [28, 3E, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtSetInformationThread + B 77525AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtUnmapViewOfSection + 6 77525E06 4 Bytes [68, 3F, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtUnmapViewOfSection + B 77525E0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtCreateFile + 6 77524A16 4 Bytes [28, 54, F6, 00] {SUB [ESI+ESI*8+0x0], DL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtCreateFile + B 77524A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtMapViewOfSection + 6 77525076 4 Bytes [28, 57, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtMapViewOfSection + B 7752507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenFile + 6 77525126 4 Bytes [68, 54, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenFile + B 7752512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcess + 6 775251D6 4 Bytes [A8, 55, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcess + B 775251DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcessToken + B 775251EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcessTokenEx + 6 775251F6 4 Bytes [A8, 56, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcessTokenEx + B 775251FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThread + 6 77525256 4 Bytes [68, 55, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThread + B 7752525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThreadToken + 6 77525266 4 Bytes [68, 56, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThreadToken + B 7752526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThreadTokenEx + B 7752527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtQueryAttributesFile + 6 77525386 4 Bytes [A8, 54, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtQueryAttributesFile + B 7752538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtQueryFullAttributesFile + B 7752543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtSetInformationFile + 6 77525A86 4 Bytes [28, 55, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtSetInformationFile + B 77525A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtSetInformationThread + 6 77525AE6 4 Bytes [28, 56, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtSetInformationThread + B 77525AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtUnmapViewOfSection + 6 77525E06 4 Bytes [68, 57, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtUnmapViewOfSection + B 77525E0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtCreateFile + 6 77524A16 4 Bytes [28, 8C, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtCreateFile + B 77524A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtMapViewOfSection + 6 77525076 4 Bytes [28, 8F, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtMapViewOfSection + B 7752507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenFile + 6 77525126 4 Bytes [68, 8C, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenFile + B 7752512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcess + 6 775251D6 4 Bytes [A8, 8D, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcess + B 775251DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcessToken + 6 775251E6 4 Bytes CALL 76529F78 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcessToken + B 775251EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcessTokenEx + 6 775251F6 4 Bytes [A8, 8E, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcessTokenEx + B 775251FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThread + 6 77525256 4 Bytes [68, 8D, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThread + B 7752525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThreadToken + 6 77525266 4 Bytes [68, 8E, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThreadToken + B 7752526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThreadTokenEx + 6 77525276 4 Bytes CALL 7652A009 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThreadTokenEx + B 7752527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtQueryAttributesFile + 6 77525386 4 Bytes [A8, 8C, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtQueryAttributesFile + B 7752538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtQueryFullAttributesFile + 6 77525436 4 Bytes CALL 7652A1C7 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtQueryFullAttributesFile + B 7752543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationFile + 6 77525A86 4 Bytes [28, 8D, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationFile + B 77525A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationThread + 6 77525AE6 4 Bytes [28, 8E, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationThread + B 77525AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtUnmapViewOfSection + 6 77525E06 4 Bytes [68, 8F, 4D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtUnmapViewOfSection + B 77525E0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtCreateFile + 6 77524A16 4 Bytes [28, 30, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtCreateFile + B 77524A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtMapViewOfSection + 6 77525076 4 Bytes [28, 33, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtMapViewOfSection + B 7752507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenFile + 6 77525126 4 Bytes [68, 30, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenFile + B 7752512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcess + 6 775251D6 4 Bytes [A8, 31, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcess + B 775251DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessToken + 6 775251E6 4 Bytes CALL 7652911C C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessToken + B 775251EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessTokenEx + 6 775251F6 4 Bytes [A8, 32, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessTokenEx + B 775251FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThread + 6 77525256 4 Bytes [68, 31, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThread + B 7752525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadToken + 6 77525266 4 Bytes [68, 32, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadToken + B 7752526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadTokenEx + 6 77525276 4 Bytes CALL 765291AD C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadTokenEx + B 7752527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryAttributesFile + 6 77525386 4 Bytes [A8, 30, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryAttributesFile + B 7752538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryFullAttributesFile + 6 77525436 4 Bytes CALL 7652936B C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryFullAttributesFile + B 7752543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationFile + 6 77525A86 4 Bytes [28, 31, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationFile + B 77525A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationThread + 6 77525AE6 4 Bytes [28, 32, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationThread + B 77525AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtUnmapViewOfSection + 6 77525E06 4 Bytes [68, 33, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtUnmapViewOfSection + B 77525E0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtCreateFile + 6 77524A16 4 Bytes [28, DC, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtCreateFile + B 77524A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtMapViewOfSection + 6 77525076 4 Bytes [28, DF, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtMapViewOfSection + B 7752507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenFile + 6 77525126 4 Bytes [68, DC, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenFile + B 7752512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcess + 6 775251D6 4 Bytes [A8, DD, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcess + B 775251DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessToken + B 775251EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessTokenEx + 6 775251F6 4 Bytes [A8, DE, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenProcessTokenEx + B 775251FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThread + 6 77525256 4 Bytes [68, DD, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThread + B 7752525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadToken + 6 77525266 4 Bytes [68, DE, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadToken + B 7752526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtOpenThreadTokenEx + B 7752527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryAttributesFile + 6 77525386 4 Bytes [A8, DC, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryAttributesFile + B 7752538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtQueryFullAttributesFile + B 7752543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationFile + 6 77525A86 4 Bytes [28, DD, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationFile + B 77525A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationThread + 6 77525AE6 4 Bytes [28, DE, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtSetInformationThread + B 77525AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtUnmapViewOfSection + 6 77525E06 4 Bytes [68, DF, BD, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5368] ntdll.dll!NtUnmapViewOfSection + B 77525E0B 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device \Driver\BTHUSB \Device\00000096 bthport.sys
Device \Driver\BTHUSB \Device\00000098 bthport.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\28e34753e55c
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export  [binary value; non-printable bytes omitted, readable fragments follow]
    v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|
    v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|
    v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|
    PNP_TDI
    v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@Fire
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export  [binary value; non-printable bytes omitted, readable fragments follow]
    system32\DRIVERS\mouclass.sys
    mouclass.sys
    Sterownik klasy myszy (Mouse class driver)
    System Bus Extender

---- EOF - GMER 2.1 ----
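Reading note on the entries above, followed by an added worked example (not part of the GMER output). Every chrome.exe entry follows one template: a 4-byte write at ntdll!NtXxx + 6 and a single byte E2 at + B, with a different 4-byte value in each process. On 32-bit Windows 7 an ntdll Nt* stub is `mov eax, N` (+0), `mov edx, 7FFE0300h` (+5, immediate at +6), `call dword ptr [edx]` = FF 12 (+A) and `ret`, so the two writes turn the stub into `mov edx, <hook>; jmp edx`, and the 4-byte value read little-endian is the hook address. The lines GMER prints as `CALL 7652EC38 C:\Windows\system32\SHELL32.dll` are the same write: that immediate begins with E8, which GMER disassembled as a CALL, so the SHELL32 reference is a disassembly artefact and not a real call; the immediate can be recovered from GMER's own target arithmetic (rel32 = target - (addr + 5)). The `ntkrnlpa.exe!RtlSidHashLookup + ...` kernel entries hold exactly the pointers listed under SSDT (30 34 C0 86 is 86C03430, the ZwAllocateVirtualMemory hook), because KiServiceTable follows RtlSidHashLookup in this kernel build; they are the SSDT hooks reported a second time, not additional patches. Two caveats: `9kt21opy.exe` and `fxldrpow.sys` in the header are GMER's own randomised executable and driver names, not findings; and the log does not identify which driver installed the SSDT hooks. The Python below parses a constructed subset of the entries (copied from the log, one per line) and recovers the values described; its assumptions are the Windows 7 x86 stub layout above and that the chrome.exe pattern matches the thunks Chrome's own sandbox installs (sandbox/win/src/service_resolver_32.cc), which the log itself does not prove.

```python
"""Decode hook entries of a GMER 2.1 log (added example; not GMER code, not part of the log)."""
import re
from collections import defaultdict

# Constructed sample: entries copied from the GMER log above, one entry per line.
SAMPLE_LOG = r"""
SSDT 86C04930 ZwAlertResumeThread
SSDT 86C03430 ZwAllocateVirtualMemory
SSDT 862C1208 ZwAlpcConnectPort
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82E8184C 4 Bytes [30, 34, C0, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82E81858 4 Bytes [08, 12, 2C, 86] {OR [EDX], DL; SUB AL, 0x86}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtCreateFile + 6 77524A16 4 Bytes [28, 4C, 9A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtCreateFile + B 77524A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessToken + 6 775251E6 4 Bytes CALL 7652EC38 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessToken + B 775251EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtCreateFile + 6 77524A16 4 Bytes [28, C0, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtCreateFile + B 77524A1B 1 Byte [E2]
.text C:\Users\Martyna\Downloads\FRST.exe[4060] ntdll.dll!NtTerminateThread 77525D20 5 Bytes JMP 00020050
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\S+)$")
TEXT_RE = re.compile(
    r"^\.text\s+(?:(?P<proc>.+?)\[(?P<pid>\d+)\]\s+)?"        # "path[pid]" only on user-mode entries
    r"(?P<sym>[^\s!]+![^\s]+)\s+(?:\+\s+(?P<off>[0-9A-F]+)\s+)?"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes?\s+(?P<rest>.*)$")


def parse_gmer(text):
    """Return the SSDT and .text entries of a GMER log as dicts."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            entries.append({"kind": "ssdt", "addr": int(m.group(1), 16), "func": m.group(2)})
            continue
        m = TEXT_RE.match(line)
        if not m:
            continue
        e = {"kind": "text", "proc": m["proc"], "pid": int(m["pid"]) if m["pid"] else None,
             "sym": m["sym"], "off": int(m["off"], 16) if m["off"] else 0,
             "addr": int(m["addr"], 16), "n": int(m["n"]), "bytes": None, "call": None, "jmp": None}
        rest = m["rest"]
        b = re.match(r"\[([0-9A-F, .]+)\]", rest)              # "[28, 4C, 9A, 00]" or "[E0, 0F, ...]"
        if b:
            e["bytes"] = [int(x, 16) for x in b.group(1).split(",") if x.strip() and "." not in x]
        c = re.match(r"(CALL|JMP)\s+([0-9A-F]{8})", rest)       # GMER's own disassembly of the patch
        if c:
            e[c.group(1).lower()] = int(c.group(2), 16)
        entries.append(e)
    return entries


def le32(bs):
    """Little-endian dword from a list of byte values."""
    return int.from_bytes(bytes(bs), "little")


def patched_imm32(e6):
    """The dword written at stub+6. Shown by GMER either as raw bytes or, when its low byte is
    E8, as a 'CALL target' it disassembled from E8 <rel32>; invert that: rel32 = target - (addr+5)."""
    if e6["bytes"]:
        return le32(e6["bytes"])
    if e6["call"] is not None:
        rel = (e6["call"] - (e6["addr"] + 5)) & 0xFFFFFFFF
        return 0xE8 | ((rel & 0xFFFFFF) << 8)
    return None


def syscall_stub_hooks(entries):
    """{pid: {NtXxx: hook_target}} for stubs rewritten to 'mov edx,<hook>; jmp edx' (assumed
    Windows 7 x86 layout: imm32 of 'mov edx' at +6, 'call [edx]' = FF 12 at +A, FF E2 = 'jmp edx')."""
    by_key = {(e["pid"], e["sym"], e["off"]): e for e in entries if e["kind"] == "text" and e["pid"]}
    hooks = defaultdict(dict)
    for (pid, sym, off), e6 in by_key.items():
        if off != 6 or not sym.startswith("ntdll.dll!"):
            continue
        eb = by_key.get((pid, sym, 0xB))
        if eb and eb["bytes"] == [0xE2]:
            imm = patched_imm32(e6)
            if imm is not None:
                hooks[pid][sym.split("!")[1]] = imm
    return dict(hooks)


def ssdt_table_writes(entries):
    """Kernel .text patches whose dword equals an SSDT hook address: the same KiServiceTable
    entries reported again via the nearest exported symbol (RtlSidHashLookup + n)."""
    ssdt = {e["addr"]: e["func"] for e in entries if e["kind"] == "ssdt"}
    out = {}
    for e in entries:
        if e["kind"] == "text" and e["pid"] is None and e["bytes"] and len(e["bytes"]) >= 4:
            ptr = le32(e["bytes"][:4])
            if ptr in ssdt:
                out[f"{e['sym']} + {e['off']:X}"] = ssdt[ptr]
    return out


def other_user_hooks(entries):
    """Plain inline JMP hooks (the ouc.exe / FRST.exe entries): (pid, symbol, target)."""
    return [(e["pid"], e["sym"], e["jmp"]) for e in entries
            if e["kind"] == "text" and e["pid"] and e["jmp"] is not None]


if __name__ == "__main__":
    ents = parse_gmer(SAMPLE_LOG)
    for k, v in ssdt_table_writes(ents).items():
        print(f"{k:40} = SSDT hook of {v}")
    for pid, hooks in sorted(syscall_stub_hooks(ents).items()):
        for fn, tgt in sorted(hooks.items()):
            print(f"pid {pid}: {fn:22} mov edx,{tgt:08X}; jmp edx")
    for pid, sym, tgt in other_user_hooks(ents):
        print(f"pid {pid}: {sym} JMP {tgt:08X}")
```

Run against the full log (one entry per line) the per-process hook tables come out 0x40 bytes apart per function (009A4C28, 009A4C68, 009A4CA8 ... in pid 3164), which is what a fixed-size thunk array looks like; the FRST.exe and ouc.exe entries are ordinary 5- and 7-byte JMP hooks and are decoded separately because they do not fit the stub template.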