GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-19 23:22:19 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD252HJ rev.1AC01118 232,89GB Running: gmer.exe; Driver: C:\Users\USER\AppData\Local\Temp\aftcaaob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAdjustPrivilegesToken [0x8CBE20A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcConnectPort [0x8CBE2020] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcSendWaitReceivePort [0x8CBE2030] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwConnectPort [0x8CBE2050] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSection [0x8CBE2000] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSymbolicLinkObject [0x8CBE2410] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThread [0x8CBE2100] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThreadEx [0x8CBE2040] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDebugActiveProcess [0x8CBE2140] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeviceIoControlFile [0x8CBE21E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDuplicateObject [0x8CBE2170] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadDriver [0x8CBE2150] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwMapViewOfSection [0x8CBE2180] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenProcess [0x8CBE2080] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenSection [0x8CBE2070] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenThread [0x8CBE2090] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwProtectVirtualMemory [0x8CBE20C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryIntervalProfile [0x8CBE2470] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueueApcThread [0x8CBE2120] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRequestWaitReplyPort [0x8CBE21D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeProcess [0x8CBE2490] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeThread [0x8CBE21A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSecureConnectPort [0x8CBE2060] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetContextThread [0x8CBE2110] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationObject [0x8CBE20B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationToken [0x8CBE2010] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetSystemInformation [0x8CBE2160] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendProcess [0x8CBE21C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendThread [0x8CBE21B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSystemDebugControl [0x8CBE2130] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateProcess [0x8CBE20D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateThread [0x8CBE20E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwUnmapViewOfSection [0x8CBE2190] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwWriteVirtualMemory [0x8CBE20F0] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C6E8E9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C8E3B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 1397 82C95624 4 Bytes [A0, 20, BE, 8C] .text ntoskrnl.exe!KeRemoveQueueEx + 13BF 82C9564C 4 Bytes [20, 20, BE, 8C] .text ntoskrnl.exe!KeRemoveQueueEx + 1403 82C95690 4 Bytes [30, 20, BE, 8C] .text ntoskrnl.exe!KeRemoveQueueEx + 1453 82C956E0 4 Bytes [50, 20, BE, 8C] .text ntoskrnl.exe!KeRemoveQueueEx + 14B7 82C95744 4 Bytes [00, 20, BE, 8C] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9383F000, 0x227A14, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtCreateFile + 6 779D4A16 4 Bytes [28, F0, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtCreateFile + B 779D4A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtMapViewOfSection + 6 779D5076 4 Bytes [28, F3, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtMapViewOfSection + B 779D507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenFile + 6 779D5126 4 Bytes [68, F0, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenFile + B 779D512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenProcess + 6 779D51D6 4 Bytes [A8, F1, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenProcess + B 779D51DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenProcessToken + B 779D51EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenProcessTokenEx + 6 779D51F6 4 Bytes [A8, F2, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenProcessTokenEx + B 779D51FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenThread + 6 779D5256 4 Bytes [68, F1, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenThread + B 779D525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenThreadToken + 6 779D5266 4 Bytes [68, F2, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenThreadToken + B 779D526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenThreadTokenEx + B 779D527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtQueryAttributesFile + 6 779D5386 4 Bytes [A8, F0, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtQueryAttributesFile + B 779D538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtQueryFullAttributesFile + B 779D543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtSetInformationFile + 6 779D5A86 4 Bytes [28, F1, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtSetInformationFile + B 779D5A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtSetInformationThread + 6 779D5AE6 4 Bytes [28, F2, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtSetInformationThread + B 779D5AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtUnmapViewOfSection + 6 779D5E06 4 Bytes [68, F3, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtUnmapViewOfSection + B 779D5E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtCreateFile + 6 779D4A16 4 Bytes [28, 2C, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtCreateFile + B 779D4A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtMapViewOfSection + 6 779D5076 4 Bytes [28, 2F, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtMapViewOfSection + B 779D507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenFile + 6 779D5126 4 Bytes [68, 2C, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenFile + B 779D512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcess + 6 779D51D6 4 Bytes [A8, 2D, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcess + B 779D51DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcessToken + B 779D51EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcessTokenEx + 6 779D51F6 4 Bytes [A8, 2E, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenProcessTokenEx + B 779D51FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenThread + 6 779D5256 4 Bytes [68, 2D, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenThread + B 779D525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenThreadToken + 6 779D5266 4 Bytes [68, 2E, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenThreadToken + B 779D526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtOpenThreadTokenEx + B 779D527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtQueryAttributesFile + 6 779D5386 4 Bytes [A8, 2C, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtQueryAttributesFile + B 779D538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtQueryFullAttributesFile + B 779D543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtSetInformationFile + 6 779D5A86 4 Bytes [28, 2D, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtSetInformationFile + B 779D5A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtSetInformationThread + 6 779D5AE6 4 Bytes [28, 2E, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtSetInformationThread + B 779D5AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtUnmapViewOfSection + 6 779D5E06 4 Bytes [68, 2F, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1592] ntdll.dll!NtUnmapViewOfSection + B 779D5E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtMapViewOfSection + 6 779D5076 4 Bytes [18, 20, 22, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2232] ntdll.dll!NtMapViewOfSection + B 779D507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateFile + 6 779D4A16 4 Bytes [28, 38, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateFile + B 779D4A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + 6 779D5076 4 Bytes [28, 3B, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + B 779D507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenFile + 6 779D5126 4 Bytes [68, 38, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenFile + B 779D512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcess + 6 779D51D6 4 Bytes [A8, 39, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcess + B 779D51DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessToken + B 779D51EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessTokenEx + 6 779D51F6 4 Bytes [A8, 3A, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessTokenEx + B 779D51FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThread + 6 779D5256 4 Bytes [68, 39, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThread + B 779D525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadToken + 6 779D5266 4 Bytes [68, 3A, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadToken + B 779D526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadTokenEx + B 779D527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryAttributesFile + 6 779D5386 4 Bytes [A8, 38, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryAttributesFile + B 779D538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryFullAttributesFile + B 779D543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationFile + 6 779D5A86 4 Bytes [28, 39, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationFile + B 779D5A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationThread + 6 779D5AE6 4 Bytes [28, 3A, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationThread + B 779D5AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + 6 779D5E06 4 Bytes [68, 3B, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + B 779D5E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtCreateFile + 6 779D4A16 4 Bytes [28, 7C, CC, 00] {SUB [ESP+ECX*8+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtCreateFile + B 779D4A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtMapViewOfSection + 6 779D5076 4 Bytes [28, 7F, CC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtMapViewOfSection + B 779D507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenFile + 6 779D5126 4 Bytes [68, 7C, CC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenFile + B 779D512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenProcess + 6 779D51D6 4 Bytes [A8, 7D, CC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenProcess + B 779D51DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenProcessToken + B 779D51EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenProcessTokenEx + 6 779D51F6 4 Bytes [A8, 7E, CC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenProcessTokenEx + B 779D51FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenThread + 6 779D5256 4 Bytes [68, 7D, CC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenThread + B 779D525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenThreadToken + 6 779D5266 4 Bytes [68, 7E, CC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenThreadToken + B 779D526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtOpenThreadTokenEx + B 779D527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtQueryAttributesFile + 6 779D5386 4 Bytes [A8, 7C, CC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtQueryAttributesFile + B 779D538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtQueryFullAttributesFile + B 779D543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtSetInformationFile + 6 779D5A86 4 Bytes [28, 7D, CC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtSetInformationFile + B 779D5A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtSetInformationThread + 6 779D5AE6 4 Bytes [28, 7E, CC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtSetInformationThread + B 779D5AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtUnmapViewOfSection + 6 779D5E06 4 Bytes [68, 7F, CC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2444] ntdll.dll!NtUnmapViewOfSection + B 779D5E0B 1 Byte [E2] .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[3032] kernel32.dll!SetUnhandledExceptionFilter 76243142 5 Bytes JMP 56088FA9 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[3032] ole32.dll!OleLoadFromStream 76715B88 5 Bytes JMP 565C86A0 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtCreateFile + 6 779D4A16 4 Bytes [28, 34, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtCreateFile + B 779D4A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtMapViewOfSection + 6 779D5076 4 Bytes [28, 37, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtMapViewOfSection + B 779D507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenFile + 6 779D5126 4 Bytes [68, 34, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenFile + B 779D512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcess + 6 779D51D6 4 Bytes [A8, 35, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcess + B 779D51DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcessToken + B 779D51EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcessTokenEx + 6 779D51F6 4 Bytes [A8, 36, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcessTokenEx + B 779D51FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThread + 6 779D5256 4 Bytes [68, 35, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThread + B 779D525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThreadToken + 6 779D5266 4 Bytes [68, 36, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThreadToken + B 779D526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThreadTokenEx + B 779D527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtQueryAttributesFile + 6 779D5386 4 Bytes [A8, 34, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtQueryAttributesFile + B 779D538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtQueryFullAttributesFile + B 779D543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtSetInformationFile + 6 779D5A86 4 Bytes [28, 35, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtSetInformationFile + B 779D5A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtSetInformationThread + 6 779D5AE6 4 Bytes [28, 36, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtSetInformationThread + B 779D5AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtUnmapViewOfSection + 6 779D5E06 4 Bytes [68, 37, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtUnmapViewOfSection + B 779D5E0B 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 klkbdflt.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 klkbdflt.sys AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0000 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0000@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0000@COD Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0000@Scans Before Out of Range 8 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0000@SCO Max Channels 2 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0000@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0000@SymbolicLinkName \??\USB#VID_0A12&PID_0001#6&150b38ac&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0} Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0000@SymbolicName \??\USB#VID_0A12&PID_0001#6&150b38ac&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0000 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0000@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0000@COD Type 1 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0000@Scans Before Out of Range 8 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0000@SCO Max Channels 2 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0000@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0000@SymbolicLinkName \??\USB#VID_0A12&PID_0001#6&150b38ac&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0} Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0000@SymbolicName \??\USB#VID_0A12&PID_0001#6&150b38ac&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\HidBth (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings\0000 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings\0000@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings\0000@COD Type 1 Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings\0000@Scans Before Out of Range 8 Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings\0000@SCO Max Channels 2 Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings\0000@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings\0000@SymbolicLinkName \??\USB#VID_0A12&PID_0001#6&150b38ac&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0} Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings\0000@SymbolicName \??\USB#VID_0A12&PID_0001#6&150b38ac&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} ---- Files - GMER 2.1 ---- File C:\$WINDOWS.~Q\DATA\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programy\ose00001.exe 0 bytes ---- EOF - GMER 2.1 ----