GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-03-07 23:53:40 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-80A23T0 rev.01.01A01 Running: 3zohqtgk.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pwriifow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 8204B369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82084D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtCreateFile + 6 776955CE 4 Bytes [28, 00, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtCreateFile + B 776955D3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtMapViewOfSection + 6 77695C2E 1 Byte [28] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtMapViewOfSection + 6 77695C2E 4 Bytes [28, 03, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtMapViewOfSection + B 77695C33 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenFile + 6 77695CDE 4 Bytes [68, 00, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenFile + B 77695CE3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcess + 6 77695D8E 4 Bytes [A8, 01, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcess + B 77695D93 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcessToken + 6 77695D9E 4 Bytes CALL 7669A8A4 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcessToken + B 77695DA3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcessTokenEx + 6 77695DAE 4 Bytes [A8, 02, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcessTokenEx + B 77695DB3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThread + 6 77695E0E 4 Bytes [68, 01, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThread + B 77695E13 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThreadToken + 6 77695E1E 4 Bytes [68, 02, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThreadToken + B 77695E23 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThreadTokenEx + 6 77695E2E 4 Bytes CALL 7669A935 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThreadTokenEx + B 77695E33 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtQueryAttributesFile + 6 77695F3E 4 Bytes [A8, 00, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtQueryAttributesFile + B 77695F43 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtQueryFullAttributesFile + 6 77695FEE 4 Bytes CALL 7669AAF3 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtQueryFullAttributesFile + B 77695FF3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtSetInformationFile + 6 7769663E 4 Bytes [28, 01, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtSetInformationFile + B 77696643 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtSetInformationThread + 6 7769669E 4 Bytes [28, 02, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtSetInformationThread + B 776966A3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtUnmapViewOfSection + 6 776969BE 1 Byte [68] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtUnmapViewOfSection + 6 776969BE 4 Bytes [68, 03, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtUnmapViewOfSection + B 776969C3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtCreateFile + 6 776955CE 4 Bytes [28, 00, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtCreateFile + B 776955D3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtMapViewOfSection + 6 77695C2E 1 Byte [28] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtMapViewOfSection + 6 77695C2E 4 Bytes [28, 03, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtMapViewOfSection + B 77695C33 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenFile + 6 77695CDE 4 Bytes [68, 00, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenFile + B 77695CE3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcess + 6 77695D8E 4 Bytes [A8, 01, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcess + B 77695D93 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessToken + 6 77695D9E 4 Bytes CALL 7669A8A4 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessToken + B 77695DA3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessTokenEx + 6 77695DAE 4 Bytes [A8, 02, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessTokenEx + B 77695DB3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThread + 6 77695E0E 4 Bytes [68, 01, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThread + B 77695E13 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadToken + 6 77695E1E 4 Bytes [68, 02, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadToken + B 77695E23 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadTokenEx + 6 77695E2E 4 Bytes CALL 7669A935 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadTokenEx + B 77695E33 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryAttributesFile + 6 77695F3E 4 Bytes [A8, 00, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryAttributesFile + B 77695F43 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryFullAttributesFile + 6 77695FEE 4 Bytes CALL 7669AAF3 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryFullAttributesFile + B 77695FF3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationFile + 6 7769663E 4 Bytes [28, 01, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationFile + B 77696643 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationThread + 6 7769669E 4 Bytes [28, 02, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationThread + B 776966A3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtUnmapViewOfSection + 6 776969BE 1 Byte [68] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtUnmapViewOfSection + 6 776969BE 4 Bytes [68, 03, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtUnmapViewOfSection + B 776969C3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtCreateFile + 6 776955CE 4 Bytes [28, 00, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtCreateFile + B 776955D3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtMapViewOfSection + 6 77695C2E 1 Byte [28] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtMapViewOfSection + 6 77695C2E 4 Bytes [28, 03, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtMapViewOfSection + B 77695C33 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenFile + 6 77695CDE 4 Bytes [68, 00, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenFile + B 77695CE3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenProcess + 6 77695D8E 4 Bytes [A8, 01, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenProcess + B 77695D93 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenProcessToken + 6 77695D9E 4 Bytes CALL 766993A4 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenProcessToken + B 77695DA3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenProcessTokenEx + 6 77695DAE 4 Bytes [A8, 02, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenProcessTokenEx + B 77695DB3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenThread + 6 77695E0E 4 Bytes [68, 01, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenThread + B 77695E13 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenThreadToken + 6 77695E1E 4 Bytes [68, 02, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenThreadToken + B 77695E23 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenThreadTokenEx + 6 77695E2E 4 Bytes CALL 76699435 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtOpenThreadTokenEx + B 77695E33 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtQueryAttributesFile + 6 77695F3E 4 Bytes [A8, 00, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtQueryAttributesFile + B 77695F43 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtQueryFullAttributesFile + 6 77695FEE 4 Bytes CALL 766995F3 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtQueryFullAttributesFile + B 77695FF3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtSetInformationFile + 6 7769663E 4 Bytes [28, 01, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtSetInformationFile + B 77696643 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtSetInformationThread + 6 7769669E 4 Bytes [28, 02, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtSetInformationThread + B 776966A3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtUnmapViewOfSection + 6 776969BE 1 Byte [68] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtUnmapViewOfSection + 6 776969BE 4 Bytes [68, 03, 36, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[4736] ntdll.dll!NtUnmapViewOfSection + B 776969C3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtCreateFile + 6 776955CE 4 Bytes [28, 00, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtCreateFile + B 776955D3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtMapViewOfSection + 6 77695C2E 1 Byte [28] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtMapViewOfSection + 6 77695C2E 4 Bytes [28, 03, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtMapViewOfSection + B 77695C33 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenFile + 6 77695CDE 4 Bytes [68, 00, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenFile + B 77695CE3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenProcess + 6 77695D8E 4 Bytes [A8, 01, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenProcess + B 77695D93 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenProcessToken + 6 77695D9E 4 Bytes CALL 7669A8A4 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenProcessToken + B 77695DA3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenProcessTokenEx + 6 77695DAE 4 Bytes [A8, 02, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenProcessTokenEx + B 77695DB3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenThread + 6 77695E0E 4 Bytes [68, 01, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenThread + B 77695E13 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenThreadToken + 6 77695E1E 4 Bytes [68, 02, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenThreadToken + B 77695E23 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenThreadTokenEx + 6 77695E2E 4 Bytes CALL 7669A935 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtOpenThreadTokenEx + B 77695E33 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtQueryAttributesFile + 6 77695F3E 4 Bytes [A8, 00, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtQueryAttributesFile + B 77695F43 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtQueryFullAttributesFile + 6 77695FEE 4 Bytes CALL 7669AAF3 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtQueryFullAttributesFile + B 77695FF3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtSetInformationFile + 6 7769663E 4 Bytes [28, 01, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtSetInformationFile + B 77696643 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtSetInformationThread + 6 7769669E 4 Bytes [28, 02, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtSetInformationThread + B 776966A3 1 Byte [E2] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtUnmapViewOfSection + 6 776969BE 1 Byte [68] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtUnmapViewOfSection + 6 776969BE 4 Bytes [68, 03, 4B, 00] .text C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe[5992] ntdll.dll!NtUnmapViewOfSection + B 776969C3 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3368] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7571FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3368] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7571FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3368] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7571FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3368] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7571FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3368] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7571FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3368] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7571FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dab1458 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dacfcd7 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dacfcd7@a8f274dd94e4 0xE7 0x42 0x93 0x94 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dab1458 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dacfcd7 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dacfcd7@a8f274dd94e4 0xE7 0x42 0x93 0x94 ... ---- EOF - GMER 1.0.15 ----