GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-12 00:50:30 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC7DP 111,79GB Running: 0iv0ofb9.exe; Driver: C:\Users\Lolitka\AppData\Local\Temp\pxldapod.sys ---- Kernel code sections - GMER 2.0 ---- .text ntoskrnl.exe!ZwRollbackTransaction + 13E9 8346E899 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8348E312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.0 ---- .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 5C, 51, 00] {SUB [ECX+EDX*2+0x0], BL} .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 5F, 51, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 5C, 51, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 5D, 51, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 5E, 51, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 5D, 51, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 5E, 51, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 5C, 51, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 5D, 51, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 5E, 51, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 5F, 51, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[592] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 8C, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 8F, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 8C, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 8D, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 8E, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 8D, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 8E, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 8C, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 8D, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 8E, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 8F, 61, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, D8, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, DB, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, D8, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, D9, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, DA, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, D9, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, DA, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, D8, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, D9, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, DA, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, DB, BA, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 48, 85, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 4B, 85, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 48, 85, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 49, 85, 00] {TEST AL, 0x49; TEST [EAX], EAX} .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 4A, 85, 00] {TEST AL, 0x4a; TEST [EAX], EAX} .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 49, 85, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 4A, 85, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 48, 85, 00] {TEST AL, 0x48; TEST [EAX], EAX} .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 49, 85, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 4A, 85, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 4B, 85, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 8C, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 8F, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 8C, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 8D, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 8E, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 8D, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 8E, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 8C, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 8D, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 8E, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 8F, 50, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, A8, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, AB, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, A8, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, A9, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, AA, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, A9, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, AA, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, A8, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, A9, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, AA, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, AB, A1, 00] .text C:\Users\Lolitka\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [735324FA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7351565B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73515719] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73532575] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [735285D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73524D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73525134] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73525209] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73526736] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73528330] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7352887F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [735290E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7352E283] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73524CBF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x93 0x47 0x38 0x3F ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x44 0xB8 0x2E 0x5F ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0xA6 0xCB 0x0B ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x8A 0x24 0x8E ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x02 0x46 0xF8 0xEF ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0xBE 0x45 0x3F ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCF 0x84 0x7E 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a2b5 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a2b5@0017e4d80340 0x28 0xAF 0xA7 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9A 0x03 0xB8 0xF2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x8A 0x24 0x8E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x02 0x46 0xF8 0xEF ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0xBE 0x45 0x3F ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCF 0x84 0x7E 0x0E ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00158315a2b5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00158315a2b5@0017e4d80340 0x28 0xAF 0xA7 0x29 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9A 0x03 0xB8 0xF2 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x8A 0x24 0x8E ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x02 0x46 0xF8 0xEF ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0xBE 0x45 0x3F ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCF 0x84 0x7E 0x0E ... ---- EOF - GMER 2.0 ----