GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-08-01 14:10:07 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_250GB rev.EXT0CB6Q 232,89GB Running: gmer.exe; Driver: G:\ZMIENN~1\TEMP\fgxdypob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000758e1465 2 bytes [8E, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758e14bb 2 bytes [8E, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077811590 16 bytes [50, 48, B8, 34, 35, 42, FB, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000778113e0 16 bytes [50, 48, B8, 4C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077811550 16 bytes [50, 48, B8, A4, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077811570 48 bytes [50, 48, B8, 20, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000778115b0 16 bytes [50, 48, B8, 70, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077811600 32 bytes [50, 48, B8, C8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077811640 16 bytes [50, 48, B8, B0, EE, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000778116e0 16 bytes [50, 48, B8, F8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077811860 16 bytes [50, 48, B8, 74, ED, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000778122d0 16 bytes [50, 48, B8, 44, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077812320 16 bytes [50, 48, B8, 80, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077812470 16 bytes [50, 48, B8, 0C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000778113e0 16 bytes [50, 48, B8, 4C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077811550 16 bytes [50, 48, B8, A4, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077811570 48 bytes [50, 48, B8, 20, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000778115b0 16 bytes [50, 48, B8, 70, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077811600 32 bytes [50, 48, B8, C8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077811640 16 bytes [50, 48, B8, B0, EE, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000778116e0 16 bytes [50, 48, B8, F8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077811860 16 bytes [50, 48, B8, 74, ED, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000778122d0 16 bytes [50, 48, B8, 44, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077812320 16 bytes [50, 48, B8, 80, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077812470 16 bytes [50, 48, B8, 0C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000778113e0 16 bytes [50, 48, B8, 4C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077811550 16 bytes [50, 48, B8, A4, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077811570 48 bytes [50, 48, B8, 20, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000778115b0 16 bytes [50, 48, B8, 70, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077811600 32 bytes [50, 48, B8, C8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077811640 16 bytes [50, 48, B8, B0, EE, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000778116e0 16 bytes [50, 48, B8, F8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077811860 16 bytes [50, 48, B8, 74, ED, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000778122d0 16 bytes [50, 48, B8, 44, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077812320 16 bytes [50, 48, B8, 80, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077812470 16 bytes [50, 48, B8, 0C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000778113e0 16 bytes [50, 48, B8, 4C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077811550 16 bytes [50, 48, B8, A4, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077811570 48 bytes [50, 48, B8, 20, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000778115b0 16 bytes [50, 48, B8, 70, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077811600 32 bytes [50, 48, B8, C8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077811640 16 bytes [50, 48, B8, B0, EE, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000778116e0 16 bytes [50, 48, B8, F8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077811860 16 bytes [50, 48, B8, 74, ED, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000778122d0 16 bytes [50, 48, B8, 44, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077812320 16 bytes [50, 48, B8, 80, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077812470 16 bytes [50, 48, B8, 0C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000778113e0 16 bytes [50, 48, B8, 4C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077811550 16 bytes [50, 48, B8, A4, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077811570 48 bytes [50, 48, B8, 20, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000778115b0 16 bytes [50, 48, B8, 70, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077811600 32 bytes [50, 48, B8, C8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077811640 16 bytes [50, 48, B8, B0, EE, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000778116e0 16 bytes [50, 48, B8, F8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077811860 16 bytes [50, 48, B8, 74, ED, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000778122d0 16 bytes [50, 48, B8, 44, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077812320 16 bytes [50, 48, B8, 80, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077812470 16 bytes [50, 48, B8, 0C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000778113e0 16 bytes [50, 48, B8, 4C, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077811550 16 bytes [50, 48, B8, A4, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077811570 48 bytes [50, 48, B8, 20, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000778115b0 16 bytes [50, 48, B8, 70, F0, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077811600 32 bytes [50, 48, B8, C8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077811640 16 bytes [50, 48, B8, B0, EE, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000778116e0 16 bytes [50, 48, B8, F8, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077811860 16 bytes [50, 48, B8, 74, ED, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000778122d0 16 bytes [50, 48, B8, 44, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077812320 16 bytes [50, 48, B8, 80, EF, 72, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077812470 16 bytes [50, 48, B8, 0C, F0, 72, 3F, ...] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fef060f2d8] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fef060f474] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fef060f5dc] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fef060f48c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fef060f46c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fef060f2d8] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fef060f474] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fef060f5dc] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fef060f48c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[800] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fef060f46c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fef060f2d8] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fef060f474] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fef060f5dc] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fef060f48c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[840] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fef060f46c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fef060f2d8] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fef060f474] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fef060f5dc] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fef060f48c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1256] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fef060f46c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fef060f2d8] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fef060f474] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fef060f5dc] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fef060f48c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fef060f46c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fef060f2d8] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fef060f474] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fef060f5dc] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fef060f48c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2248] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fef060f46c] C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\chrome_child.dll ---- Processes - GMER 2.1 ---- Library C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\klavemu.kdl.b6b6dd223ad2aad28374217a028b59b0 (*** suspicious ***) @ C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [968] (Heuristics engine/Kaspersky Lab ZAO)(2015-08-01 01:03:18) 0000000070fe0000 Library C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\kjim.kdl.e30a2afa3b21fc3c867bdf51ac89005f (*** suspicious ***) @ C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [968] (Script Heuristics Engine/Kaspersky Lab ZAO)(2015-08-01 01:03:18) 0000000070d50000 Library C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\mark.kdl.841a103288da704ab47258a8a435c8d1 (*** suspicious ***) @ C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [968] (Anti-Rootkit Engine/Kaspersky Lab ZAO)(2015-08-01 01:03:18) 0000000070cf0000 Library C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\qscan.kdl.382128a906559b230d403c88de25602a (*** suspicious ***) @ C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [968] (Initial Scan Engine/Kaspersky Lab ZAO)(2015-08-01 01:03:18) 0000000070bc0000 Library C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\arkmon.kdl.05412b88de65b3a6617f42e1fbad772c (*** suspicious ***) @ C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [968] (Anti-Rootkit Monitor/Kaspersky Lab ZAO)(2015-08-01 01:03:26) 0000000074490000 Library C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\kavsys.kdl.30034ad9af01dd951d1ba9fb68103889 (*** suspicious ***) @ C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [968] (Set of system interfaces/Kaspersky Lab ZAO)(2015-08-01 01:03:26) 0000000070950000 Library C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\sys_critical_obj.dll.df0b8ec405e6f1bc83fd4669a4225fa5 (*** suspicious ***) @ C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [968] (System Critical Objects/Kaspersky Lab ZAO)(2014-11-27 21:09:42) 0000000070680000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0x04 0xD7 0x12 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0x04 0xD7 0x12 ... ---- Files - GMER 2.1 ---- File C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Cache\f_00002e 125787 bytes File C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Cache\f_0000c8 56913 bytes ---- EOF - GMER 2.1 ----