GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-09 23:08:43
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: jy34mux3.exe; Driver: C:\Users\Artur\AppData\Local\Temp\kwtorpog.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtCreateFile + 6 7765422A 4 Bytes [28, C0, E4, 00] {SUB AL, AL; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtCreateFile + B 7765422F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtMapViewOfSection + 6 7765497A 4 Bytes [28, C3, E4, 00] {SUB BL, AL; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtMapViewOfSection + B 7765497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenFile + 6 77654A0A 4 Bytes [68, C0, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenFile + B 77654A0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenProcess + 6 77654A8A 4 Bytes [A8, C1, E4, 00] {TEST AL, 0xc1; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenProcess + B 77654A8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenProcessToken + B 77654A9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenProcessTokenEx + 6 77654AAA 4 Bytes [A8, C2, E4, 00] {TEST AL, 0xc2; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenProcessTokenEx + B 77654AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenThread + 6 77654AFA 4 Bytes [68, C1, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenThread + B 77654AFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenThreadToken + 6 77654B0A 4 Bytes [68, C2, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenThreadToken + B 77654B0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtOpenThreadTokenEx + B 77654B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtQueryAttributesFile + 6 77654BAA 4 Bytes [A8, C0, E4, 00] {TEST AL, 0xc0; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtQueryAttributesFile + B 77654BAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtQueryFullAttributesFile + B 77654C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtSetInformationFile + 6 7765513A 4 Bytes [28, C1, E4, 00] {SUB CL, AL; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtSetInformationFile + B 7765513F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtSetInformationThread + 6 7765518A 4 Bytes [28, C2, E4, 00] {SUB DL, AL; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtSetInformationThread + B 7765518F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtUnmapViewOfSection + 6 7765542A 4 Bytes [68, C3, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[452] ntdll.dll!NtUnmapViewOfSection + B 7765542F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtCreateFile + 6 7765422A 4 Bytes [28, 68, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtCreateFile + B 7765422F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtMapViewOfSection + 6 7765497A 4 Bytes [28, 6B, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtMapViewOfSection + B 7765497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenFile + 6 77654A0A 4 Bytes [68, 68, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenFile + B 77654A0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenProcess + 6 77654A8A 4 Bytes [A8, 69, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenProcess + B 77654A8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenProcessToken + B 77654A9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenProcessTokenEx + 6 77654AAA 4 Bytes [A8, 6A, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenProcessTokenEx + B 77654AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenThread + 6 77654AFA 4 Bytes [68, 69, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenThread + B 77654AFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenThreadToken + 6 77654B0A 4 Bytes [68, 6A, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenThreadToken + B 77654B0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtOpenThreadTokenEx + B 77654B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtQueryAttributesFile + 6 77654BAA 4 Bytes [A8, 68, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtQueryAttributesFile + B 77654BAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtQueryFullAttributesFile + B 77654C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtSetInformationFile + 6 7765513A 4 Bytes [28, 69, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtSetInformationFile + B 7765513F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtSetInformationThread + 6 7765518A 4 Bytes [28, 6A, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtSetInformationThread + B 7765518F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtUnmapViewOfSection + 6 7765542A 4 Bytes [68, 6B, 52, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3456] ntdll.dll!NtUnmapViewOfSection + B 7765542F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + 6 7765497A 4 Bytes [18, F0, F4, 71]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + B 7765497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + 6 7765422A 4 Bytes [28, B0, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + B 7765422F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + 6 7765497A 4 Bytes [28, B3, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + B 7765497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + 6 77654A0A 4 Bytes [68, B0, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + B 77654A0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + 6 77654A8A 4 Bytes [A8, B1, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + B 77654A8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + B 77654A9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + 6 77654AAA 4 Bytes [A8, B2, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + B 77654AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + 6 77654AFA 4 Bytes [68, B1, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + B 77654AFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + 6 77654B0A 4 Bytes [68, B2, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + B 77654B0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + B 77654B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + 6 77654BAA 4 Bytes [A8, B0, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + B 77654BAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + B 77654C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + 6 7765513A 4 Bytes [28, B1, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + B 7765513F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + 6 7765518A 4 Bytes [28, B2, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + B 7765518F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + 6 7765542A 4 Bytes [68, B3, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + B 7765542F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtCreateFile + 6 7765422A 4 Bytes [28, D4, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtCreateFile + B 7765422F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtMapViewOfSection + 6 7765497A 4 Bytes [28, D7, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtMapViewOfSection + B 7765497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenFile + 6 77654A0A 4 Bytes [68, D4, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenFile + B 77654A0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcess + 6 77654A8A 4 Bytes [A8, D5, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcess + B 77654A8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcessToken + B 77654A9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcessTokenEx + 6 77654AAA 4 Bytes [A8, D6, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenProcessTokenEx + B 77654AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThread + 6 77654AFA 4 Bytes [68, D5, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThread + B 77654AFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThreadToken + 6 77654B0A 4 Bytes [68, D6, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThreadToken + B 77654B0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtOpenThreadTokenEx + B 77654B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtQueryAttributesFile + 6 77654BAA 4 Bytes [A8, D4, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtQueryAttributesFile + B 77654BAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtQueryFullAttributesFile + B 77654C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtSetInformationFile + 6 7765513A 4 Bytes [28, D5, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtSetInformationFile + B 7765513F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtSetInformationThread + 6 7765518A 4 Bytes [28, D6, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtSetInformationThread + B 7765518F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtUnmapViewOfSection + 6 7765542A 4 Bytes [68, D7, EF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4060] ntdll.dll!NtUnmapViewOfSection + B 7765542F 1 Byte [E2]

---- Devices - GMER 2.2 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Files - GMER 2.2 ----

File C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cfhdojbkjhnklbpkdaibdccddilifddb\004424.log 0 bytes

---- EOF - GMER 2.2 ----