GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-12 15:53:53 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB Running: qb2l490o.exe; Driver: C:\Users\Artur\AppData\Local\Temp\kwtorpog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + 6 774B497A 4 Bytes [18, F0, 39, 6E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + B 774B497F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtCreateFile + 6 774B422A 4 Bytes [28, 00, C4, 00] {SUB [EAX], AL; LES EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtCreateFile + B 774B422F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtMapViewOfSection + 6 774B497A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtMapViewOfSection + 6 774B497A 4 Bytes [28, 03, C4, 00] {SUB [EBX], AL; LES EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtMapViewOfSection + B 774B497F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenFile + 6 774B4A0A 4 Bytes [68, 00, C4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenFile + B 774B4A0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcess + 6 774B4A8A 4 Bytes [A8, 01, C4, 00] {TEST AL, 0x1; LES EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcess + B 774B4A8F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcessToken + B 774B4A9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcessTokenEx + 6 774B4AAA 4 Bytes [A8, 02, C4, 00] {TEST AL, 0x2; LES EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcessTokenEx + B 774B4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThread + 6 774B4AFA 4 Bytes [68, 01, C4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThread + B 774B4AFF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThreadToken + 6 774B4B0A 4 Bytes [68, 02, C4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThreadToken + B 774B4B0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThreadTokenEx + B 774B4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtQueryAttributesFile + 6 774B4BAA 4 Bytes [A8, 00, C4, 00] {TEST AL, 0x0; LES EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtQueryAttributesFile + B 774B4BAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtQueryFullAttributesFile + B 774B4C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationFile + 6 774B513A 4 Bytes [28, 01, C4, 00] {SUB [ECX], AL; LES EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationFile + B 774B513F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationThread + 6 774B518A 4 Bytes [28, 02, C4, 00] {SUB [EDX], AL; LES EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationThread + B 774B518F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtUnmapViewOfSection + 6 774B542A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtUnmapViewOfSection + 6 774B542A 4 Bytes [68, 03, C4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtUnmapViewOfSection + B 774B542F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtCreateFile + 6 774B422A 4 Bytes [28, D0, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtCreateFile + B 774B422F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtMapViewOfSection + 6 774B497A 4 Bytes [28, D3, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtMapViewOfSection + B 774B497F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenFile + 6 774B4A0A 4 Bytes [68, D0, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenFile + B 774B4A0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcess + 6 774B4A8A 4 Bytes [A8, D1, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcess + B 774B4A8F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcessToken + B 774B4A9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcessTokenEx + 6 774B4AAA 4 Bytes [A8, D2, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenProcessTokenEx + B 774B4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThread + 6 774B4AFA 4 Bytes [68, D1, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThread + B 774B4AFF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThreadToken + 6 774B4B0A 4 Bytes [68, D2, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThreadToken + B 774B4B0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtOpenThreadTokenEx + B 774B4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtQueryAttributesFile + 6 774B4BAA 4 Bytes [A8, D0, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtQueryAttributesFile + B 774B4BAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtQueryFullAttributesFile + B 774B4C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtSetInformationFile + 6 774B513A 4 Bytes [28, D1, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtSetInformationFile + B 774B513F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtSetInformationThread + 6 774B518A 4 Bytes [28, D2, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtSetInformationThread + B 774B518F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtUnmapViewOfSection + 6 774B542A 4 Bytes [68, D3, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1164] ntdll.dll!NtUnmapViewOfSection + B 774B542F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtCreateFile + 6 774B422A 4 Bytes [28, 5C, D1, 00] {SUB [ECX+EDX*8+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtCreateFile + B 774B422F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtMapViewOfSection + 6 774B497A 4 Bytes [28, 5F, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtMapViewOfSection + B 774B497F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenFile + 6 774B4A0A 4 Bytes [68, 5C, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenFile + B 774B4A0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcess + 6 774B4A8A 4 Bytes [A8, 5D, D1, 00] {TEST AL, 0x5d; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcess + B 774B4A8F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcessToken + B 774B4A9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcessTokenEx + 6 774B4AAA 4 Bytes [A8, 5E, D1, 00] {TEST AL, 0x5e; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcessTokenEx + B 774B4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThread + 6 774B4AFA 4 Bytes [68, 5D, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThread + B 774B4AFF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThreadToken + 6 774B4B0A 4 Bytes [68, 5E, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThreadToken + B 774B4B0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThreadTokenEx + B 774B4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtQueryAttributesFile + 6 774B4BAA 4 Bytes [A8, 5C, D1, 00] {TEST AL, 0x5c; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtQueryAttributesFile + B 774B4BAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtQueryFullAttributesFile + B 774B4C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtSetInformationFile + 6 774B513A 4 Bytes [28, 5D, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtSetInformationFile + B 774B513F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtSetInformationThread + 6 774B518A 4 Bytes [28, 5E, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtSetInformationThread + B 774B518F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtUnmapViewOfSection + 6 774B542A 4 Bytes [68, 5F, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtUnmapViewOfSection + B 774B542F 1 Byte [E2] ---- EOF - GMER 2.2 ----