GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-05-16 16:12:12 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000005d ST500DM0 rev.KC45 465,76GB Running: s5rofv4d.exe; Driver: C:\Users\test\AppData\Local\Temp\aftcraow.sys ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwRenameKey + 1549 83A55F05 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83A90292 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8D727346] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA393A300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA397D300, 0x1BEE, 0xE8000020] ? C:\Users\test\AppData\Local\Temp\gkernel.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Bagsarah\Application\chrome.exe[1612] ntdll.dll!NtMapViewOfSection + 6 774C57F6 4 Bytes [18, B0, 30, 61] .text C:\Program Files\Bagsarah\Application\chrome.exe[1612] ntdll.dll!NtMapViewOfSection + B 774C57FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtCreateFile + 6 774C5196 4 Bytes [28, C8, C5, 00] {SUB AL, CL; LDS EAX, [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtCreateFile + B 774C519B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtMapViewOfSection + 6 774C57F6 4 Bytes [28, CB, C5, 00] {SUB BL, CL; LDS EAX, [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtMapViewOfSection + B 774C57FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenFile + 6 774C58A6 4 Bytes [68, C8, C5, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenFile + B 774C58AB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenProcess + 6 774C5956 4 Bytes [A8, C9, C5, 00] {TEST AL, 0xc9; LDS EAX, [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenProcess + B 774C595B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenProcessToken + B 774C596B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenProcessTokenEx + 6 774C5976 4 Bytes [A8, CA, C5, 00] {TEST AL, 0xca; LDS EAX, [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenProcessTokenEx + B 774C597B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenThread + 6 774C59D6 4 Bytes [68, C9, C5, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenThread + B 774C59DB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenThreadToken + 6 774C59E6 4 Bytes [68, CA, C5, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenThreadToken + B 774C59EB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtOpenThreadTokenEx + B 774C59FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtQueryAttributesFile + 6 774C5B06 4 Bytes [A8, C8, C5, 00] {TEST AL, 0xc8; LDS EAX, [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtQueryAttributesFile + B 774C5B0B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtQueryFullAttributesFile + B 774C5BBB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtSetInformationFile + 6 774C6206 4 Bytes [28, C9, C5, 00] {SUB CL, CL; LDS EAX, [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtSetInformationFile + B 774C620B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtSetInformationThread + 6 774C6266 4 Bytes [28, CA, C5, 00] {SUB DL, CL; LDS EAX, [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtSetInformationThread + B 774C626B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtUnmapViewOfSection + 6 774C6586 4 Bytes [68, CB, C5, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[1728] ntdll.dll!NtUnmapViewOfSection + B 774C658B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtCreateFile + 6 774C5196 4 Bytes [28, 20, 34, 00] {SUB [EAX], AH; XOR AL, 0x0} .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtCreateFile + B 774C519B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtMapViewOfSection + 6 774C57F6 4 Bytes [28, 23, 34, 00] {SUB [EBX], AH; XOR AL, 0x0} .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtMapViewOfSection + B 774C57FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenFile + 6 774C58A6 4 Bytes [68, 20, 34, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenFile + B 774C58AB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenProcess + 6 774C5956 4 Bytes [A8, 21, 34, 00] {TEST AL, 0x21; XOR AL, 0x0} .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenProcess + B 774C595B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenProcessToken + B 774C596B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenProcessTokenEx + 6 774C5976 4 Bytes [A8, 22, 34, 00] {TEST AL, 0x22; XOR AL, 0x0} .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenProcessTokenEx + B 774C597B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenThread + 6 774C59D6 4 Bytes [68, 21, 34, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenThread + B 774C59DB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenThreadToken + 6 774C59E6 4 Bytes [68, 22, 34, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenThreadToken + B 774C59EB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtOpenThreadTokenEx + B 774C59FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtQueryAttributesFile + 6 774C5B06 4 Bytes [A8, 20, 34, 00] {TEST AL, 0x20; XOR AL, 0x0} .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtQueryAttributesFile + B 774C5B0B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtQueryFullAttributesFile + B 774C5BBB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtSetInformationFile + 6 774C6206 4 Bytes [28, 21, 34, 00] {SUB [ECX], AH; XOR AL, 0x0} .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtSetInformationFile + B 774C620B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtSetInformationThread + 6 774C6266 4 Bytes [28, 22, 34, 00] {SUB [EDX], AH; XOR AL, 0x0} .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtSetInformationThread + B 774C626B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtUnmapViewOfSection + 6 774C6586 4 Bytes [68, 23, 34, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[1848] ntdll.dll!NtUnmapViewOfSection + B 774C658B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtCreateFile + 6 774C5196 4 Bytes [28, 04, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtCreateFile + B 774C519B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtMapViewOfSection + 6 774C57F6 4 Bytes [28, 07, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtMapViewOfSection + B 774C57FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenFile + 6 774C58A6 4 Bytes [68, 04, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenFile + B 774C58AB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenProcess + 6 774C5956 4 Bytes [A8, 05, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenProcess + B 774C595B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenProcessToken + B 774C596B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenProcessTokenEx + 6 774C5976 4 Bytes [A8, 06, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenProcessTokenEx + B 774C597B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenThread + 6 774C59D6 4 Bytes [68, 05, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenThread + B 774C59DB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenThreadToken + 6 774C59E6 4 Bytes [68, 06, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenThreadToken + B 774C59EB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtOpenThreadTokenEx + B 774C59FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtQueryAttributesFile + 6 774C5B06 4 Bytes [A8, 04, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtQueryAttributesFile + B 774C5B0B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtQueryFullAttributesFile + B 774C5BBB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtSetInformationFile + 6 774C6206 4 Bytes [28, 05, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtSetInformationFile + B 774C620B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtSetInformationThread + 6 774C6266 4 Bytes [28, 06, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtSetInformationThread + B 774C626B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtUnmapViewOfSection + 6 774C6586 4 Bytes [68, 07, 99, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3736] ntdll.dll!NtUnmapViewOfSection + B 774C658B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtCreateFile + 6 774C5196 4 Bytes [28, 58, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtCreateFile + B 774C519B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + 6 774C57F6 4 Bytes [28, 5B, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + B 774C57FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenFile + 6 774C58A6 4 Bytes [68, 58, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenFile + B 774C58AB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenProcess + 6 774C5956 4 Bytes [A8, 59, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenProcess + B 774C595B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessToken + B 774C596B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessTokenEx + 6 774C5976 4 Bytes [A8, 5A, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessTokenEx + B 774C597B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenThread + 6 774C59D6 4 Bytes [68, 59, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenThread + B 774C59DB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadToken + 6 774C59E6 4 Bytes [68, 5A, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadToken + B 774C59EB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadTokenEx + B 774C59FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtQueryAttributesFile + 6 774C5B06 4 Bytes [A8, 58, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtQueryAttributesFile + B 774C5B0B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtQueryFullAttributesFile + B 774C5BBB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtSetInformationFile + 6 774C6206 4 Bytes [28, 59, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtSetInformationFile + B 774C620B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtSetInformationThread + 6 774C6266 4 Bytes [28, 5A, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtSetInformationThread + B 774C626B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + 6 774C6586 4 Bytes [68, 5B, 43, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + B 774C658B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtCreateFile + 6 774C5196 4 Bytes [28, 28, DE, 00] {SUB [EAX], CH; FIADD WORD [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtCreateFile + B 774C519B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtMapViewOfSection + 6 774C57F6 4 Bytes [28, 2B, DE, 00] {SUB [EBX], CH; FIADD WORD [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtMapViewOfSection + B 774C57FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenFile + 6 774C58A6 4 Bytes [68, 28, DE, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenFile + B 774C58AB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenProcess + 6 774C5956 4 Bytes [A8, 29, DE, 00] {TEST AL, 0x29; FIADD WORD [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenProcess + B 774C595B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenProcessToken + B 774C596B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenProcessTokenEx + 6 774C5976 4 Bytes [A8, 2A, DE, 00] {TEST AL, 0x2a; FIADD WORD [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenProcessTokenEx + B 774C597B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenThread + 6 774C59D6 4 Bytes [68, 29, DE, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenThread + B 774C59DB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenThreadToken + 6 774C59E6 4 Bytes [68, 2A, DE, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenThreadToken + B 774C59EB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtOpenThreadTokenEx + B 774C59FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtQueryAttributesFile + 6 774C5B06 4 Bytes [A8, 28, DE, 00] {TEST AL, 0x28; FIADD WORD [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtQueryAttributesFile + B 774C5B0B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtQueryFullAttributesFile + B 774C5BBB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtSetInformationFile + 6 774C6206 4 Bytes [28, 29, DE, 00] {SUB [ECX], CH; FIADD WORD [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtSetInformationFile + B 774C620B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtSetInformationThread + 6 774C6266 4 Bytes [28, 2A, DE, 00] {SUB [EDX], CH; FIADD WORD [EAX]} .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtSetInformationThread + B 774C626B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtUnmapViewOfSection + 6 774C6586 4 Bytes [68, 2B, DE, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4316] ntdll.dll!NtUnmapViewOfSection + B 774C658B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtCreateFile + 6 774C5196 4 Bytes [28, 28, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtCreateFile + B 774C519B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtMapViewOfSection + 6 774C57F6 4 Bytes [28, 2B, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtMapViewOfSection + B 774C57FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenFile + 6 774C58A6 4 Bytes [68, 28, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenFile + B 774C58AB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenProcess + 6 774C5956 4 Bytes [A8, 29, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenProcess + B 774C595B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenProcessToken + B 774C596B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenProcessTokenEx + 6 774C5976 4 Bytes [A8, 2A, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenProcessTokenEx + B 774C597B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenThread + 6 774C59D6 4 Bytes [68, 29, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenThread + B 774C59DB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenThreadToken + 6 774C59E6 4 Bytes [68, 2A, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenThreadToken + B 774C59EB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtOpenThreadTokenEx + B 774C59FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtQueryAttributesFile + 6 774C5B06 4 Bytes [A8, 28, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtQueryAttributesFile + B 774C5B0B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtQueryFullAttributesFile + B 774C5BBB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtSetInformationFile + 6 774C6206 4 Bytes [28, 29, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtSetInformationFile + B 774C620B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtSetInformationThread + 6 774C6266 4 Bytes [28, 2A, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtSetInformationThread + B 774C626B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtUnmapViewOfSection + 6 774C6586 4 Bytes [68, 2B, 59, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[4836] ntdll.dll!NtUnmapViewOfSection + B 774C658B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtCreateFile + 6 774C5196 4 Bytes [28, B0, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtCreateFile + B 774C519B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtMapViewOfSection + 6 774C57F6 4 Bytes [28, B3, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtMapViewOfSection + B 774C57FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenFile + 6 774C58A6 4 Bytes [68, B0, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenFile + B 774C58AB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenProcess + 6 774C5956 4 Bytes [A8, B1, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenProcess + B 774C595B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenProcessToken + B 774C596B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenProcessTokenEx + 6 774C5976 4 Bytes [A8, B2, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenProcessTokenEx + B 774C597B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenThread + 6 774C59D6 4 Bytes [68, B1, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenThread + B 774C59DB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenThreadToken + 6 774C59E6 4 Bytes [68, B2, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenThreadToken + B 774C59EB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtOpenThreadTokenEx + B 774C59FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtQueryAttributesFile + 6 774C5B06 4 Bytes [A8, B0, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtQueryAttributesFile + B 774C5B0B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtQueryFullAttributesFile + B 774C5BBB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtSetInformationFile + 6 774C6206 4 Bytes [28, B1, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtSetInformationFile + B 774C620B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtSetInformationThread + 6 774C6266 4 Bytes [28, B2, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtSetInformationThread + B 774C626B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtUnmapViewOfSection + 6 774C6586 4 Bytes [68, B3, 49, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[5764] ntdll.dll!NtUnmapViewOfSection + B 774C658B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtCreateFile + 6 774C5196 4 Bytes [28, 00, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtCreateFile + B 774C519B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtMapViewOfSection + 6 774C57F6 1 Byte [28] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtMapViewOfSection + 6 774C57F6 4 Bytes [28, 03, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtMapViewOfSection + B 774C57FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenFile + 6 774C58A6 4 Bytes [68, 00, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenFile + B 774C58AB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenProcess + 6 774C5956 4 Bytes [A8, 01, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenProcess + B 774C595B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenProcessToken + B 774C596B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenProcessTokenEx + 6 774C5976 4 Bytes [A8, 02, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenProcessTokenEx + B 774C597B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenThread + 6 774C59D6 4 Bytes [68, 01, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenThread + B 774C59DB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenThreadToken + 6 774C59E6 4 Bytes [68, 02, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenThreadToken + B 774C59EB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtOpenThreadTokenEx + B 774C59FB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtQueryAttributesFile + 6 774C5B06 4 Bytes [A8, 00, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtQueryAttributesFile + B 774C5B0B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtQueryFullAttributesFile + B 774C5BBB 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtSetInformationFile + 6 774C6206 4 Bytes [28, 01, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtSetInformationFile + B 774C620B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtSetInformationThread + 6 774C6266 4 Bytes [28, 02, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtSetInformationThread + B 774C626B 1 Byte [E2] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtUnmapViewOfSection + 6 774C6586 1 Byte [68] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtUnmapViewOfSection + 6 774C6586 4 Bytes [68, 03, F2, 00] .text C:\Program Files\Bagsarah\Application\chrome.exe[6060] ntdll.dll!NtUnmapViewOfSection + B 774C658B 1 Byte [E2] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [737F5625] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [737F56E3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7381248C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73812507] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7380856B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73804D1E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [738050C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7380519A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [738066C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [738082C2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73808811] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73809072] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7380E215] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73804C50] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 865DD1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{9A36F137-8C5B-46BE-A049-55F2E84E2D8D} 877FD1F8 Device \Driver\usbohci \Device\USBPDO-0 878811F8 Device \Driver\usbehci \Device\USBPDO-1 878841F8 Device \Driver\USBSTOR \Device\00000070 877A91F8 Device \Driver\cdrom \Device\CdRom0 877931F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 865D91F8 Device \Driver\atapi \Device\Ide\IdePort0 865D91F8 Device \Driver\atapi \Device\Ide\IdePort1 865D91F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 877FD1F8 Device \Driver\nvstor32 \Device\RaidPort0 865DB1F8 Device \Driver\nvstor32 \Device\0000005d 865DB1F8 Device \Driver\nvstor32 \Device\RaidPort1 865DB1F8 Device \Driver\USBSTOR \Device\0000006c 877A91F8 Device \Driver\usbohci \Device\USBFDO-0 878811F8 Device \Driver\USBSTOR \Device\0000006d 877A91F8 Device \Driver\usbehci \Device\USBFDO-1 878841F8 Device \Driver\USBSTOR \Device\0000006e 877A91F8 Device \Driver\USBSTOR \Device\0000006f 877A91F8 ---- Trace I/O - GMER 2.2 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x865db1f8]<< 865db1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87674030] 87674030 Trace 3 CLASSPNP.SYS[8def259e] -> nt!IofCallDriver -> [0x8659ef08] 8659ef08 Trace 5 ACPI.sys[8d74a3d4] -> nt!IofCallDriver -> \Device\0000005d[0x8737eb60] 8737eb60 Trace \Driver\nvstor32[0x86635138] -> IRP_MJ_CREATE -> 0x865db1f8 865db1f8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xB3 0x91 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xB3 0x91 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\PerfTrack\ScenarioOccurrences\22@OccurrencesLessThanOrEqualTo100ScaledTPI 3424 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\PerfTrack\ScenarioOccurrences\22@TotalOccurrences 5622 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@329F2989 6929 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- EOF - GMER 2.2 ----