GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-05 02:36:49 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD2500BEVS-75UST0 rev.01.01A01 232,89GB Running: sc4kbe83.exe; Driver: C:\Users\toto\AppData\Local\Temp\pwlyipog.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A3FA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A79212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtCreateFile + 6 7777560E 4 Bytes [28, 78, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtCreateFile + B 77775613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtMapViewOfSection + 6 77775C6E 4 Bytes [28, 7B, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtMapViewOfSection + B 77775C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenFile + 6 77775D1E 4 Bytes [68, 78, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenFile + B 77775D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcess + 6 77775DCE 4 Bytes [A8, 79, 70, 00] {TEST AL, 0x79; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcess + B 77775DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessToken + B 77775DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessTokenEx + 6 77775DEE 4 Bytes [A8, 7A, 70, 00] {TEST AL, 0x7a; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessTokenEx + B 77775DF3 1 
Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThread + 6 77775E4E 4 Bytes [68, 79, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThread + B 77775E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadToken + 6 77775E5E 4 Bytes [68, 7A, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadToken + B 77775E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadTokenEx + B 77775E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryAttributesFile + 6 77775F7E 4 Bytes [A8, 78, 70, 00] {TEST AL, 0x78; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryAttributesFile + B 77775F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryFullAttributesFile + B 77776033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationFile + 6 7777667E 4 Bytes [28, 79, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationFile + B 77776683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationThread + 6 777766DE 4 Bytes [28, 7A, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationThread + B 777766E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtUnmapViewOfSection + 6 777769FE 4 Bytes [68, 7B, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtUnmapViewOfSection + B 77776A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtCreateFile + 6 7777560E 4 Bytes [28, AC, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] 
ntdll.dll!NtCreateFile + B 77775613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtMapViewOfSection + 6 77775C6E 4 Bytes [28, AF, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtMapViewOfSection + B 77775C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenFile + 6 77775D1E 4 Bytes [68, AC, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenFile + B 77775D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcess + 6 77775DCE 4 Bytes [A8, AD, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcess + B 77775DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcessToken + 6 77775DDE 4 Bytes CALL 76782890 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcessToken + B 77775DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcessTokenEx + 6 77775DEE 4 Bytes [A8, AE, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcessTokenEx + B 77775DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThread + 6 77775E4E 4 Bytes [68, AD, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThread + B 77775E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThreadToken + 6 77775E5E 4 Bytes [68, AE, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThreadToken + B 77775E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThreadTokenEx + 6 77775E6E 4 Bytes CALL 76782921 C:\Windows\system32\SHELL32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThreadTokenEx + B 77775E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtQueryAttributesFile + 6 77775F7E 4 Bytes [A8, AC, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtQueryAttributesFile + B 77775F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtQueryFullAttributesFile + 6 7777602E 4 Bytes CALL 76782ADF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtQueryFullAttributesFile + B 77776033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtSetInformationFile + 6 7777667E 4 Bytes [28, AD, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtSetInformationFile + B 77776683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtSetInformationThread + 6 777766DE 4 Bytes [28, AE, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtSetInformationThread + B 777766E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtUnmapViewOfSection + 6 777769FE 4 Bytes [68, AF, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtUnmapViewOfSection + B 77776A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtCreateFile + 6 7777560E 4 Bytes [28, 30, 20, 00] {SUB [EAX], DH; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtCreateFile + B 77775613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtMapViewOfSection + 6 77775C6E 4 Bytes [28, 33, 20, 00] {SUB [EBX], DH; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtMapViewOfSection + B 77775C73 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenFile + 6 77775D1E 4 Bytes [68, 30, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenFile + B 77775D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenProcess + 6 77775DCE 4 Bytes [A8, 31, 20, 00] {TEST AL, 0x31; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenProcess + B 77775DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenProcessToken + B 77775DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenProcessTokenEx + 6 77775DEE 4 Bytes [A8, 32, 20, 00] {TEST AL, 0x32; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenProcessTokenEx + B 77775DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenThread + 6 77775E4E 4 Bytes [68, 31, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenThread + B 77775E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenThreadToken + 6 77775E5E 4 Bytes [68, 32, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenThreadToken + B 77775E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtOpenThreadTokenEx + B 77775E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtQueryAttributesFile + 6 77775F7E 4 Bytes [A8, 30, 20, 00] {TEST AL, 0x30; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtQueryAttributesFile + B 77775F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtQueryFullAttributesFile + B 77776033 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtSetInformationFile + 6 7777667E 4 Bytes [28, 31, 20, 00] {SUB [ECX], DH; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtSetInformationFile + B 77776683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtSetInformationThread + 6 777766DE 4 Bytes [28, 32, 20, 00] {SUB [EDX], DH; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtSetInformationThread + B 777766E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtUnmapViewOfSection + 6 777769FE 4 Bytes [68, 33, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtUnmapViewOfSection + B 77776A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtCreateFile + 6 7777560E 4 Bytes [28, 1C, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtCreateFile + B 77775613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtMapViewOfSection + 6 77775C6E 4 Bytes [28, 1F, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtMapViewOfSection + B 77775C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenFile + 6 77775D1E 4 Bytes [68, 1C, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenFile + B 77775D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenProcess + 6 77775DCE 4 Bytes [A8, 1D, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenProcess + B 77775DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenProcessToken + B 77775DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] 
ntdll.dll!NtOpenProcessTokenEx + 6 77775DEE 4 Bytes [A8, 1E, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenProcessTokenEx + B 77775DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenThread + 6 77775E4E 4 Bytes [68, 1D, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenThread + B 77775E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenThreadToken + 6 77775E5E 4 Bytes [68, 1E, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenThreadToken + B 77775E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenThreadTokenEx + B 77775E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtQueryAttributesFile + 6 77775F7E 4 Bytes [A8, 1C, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtQueryAttributesFile + B 77775F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtQueryFullAttributesFile + B 77776033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtSetInformationFile + 6 7777667E 4 Bytes [28, 1D, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtSetInformationFile + B 77776683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtSetInformationThread + 6 777766DE 4 Bytes [28, 1E, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtSetInformationThread + B 777766E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtUnmapViewOfSection + 6 777769FE 4 Bytes [68, 1F, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtUnmapViewOfSection + B 77776A03 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtCreateFile + 6 7777560E 4 Bytes [28, D4, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtCreateFile + B 77775613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + 6 77775C6E 4 Bytes [28, D7, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + B 77775C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenFile + 6 77775D1E 4 Bytes [68, D4, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenFile + B 77775D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcess + 6 77775DCE 4 Bytes [A8, D5, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcess + B 77775DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessToken + B 77775DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessTokenEx + 6 77775DEE 4 Bytes [A8, D6, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessTokenEx + B 77775DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThread + 6 77775E4E 4 Bytes [68, D5, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThread + B 77775E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadToken + 6 77775E5E 4 Bytes [68, D6, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadToken + B 77775E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadTokenEx + B 77775E73 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryAttributesFile + 6 77775F7E 4 Bytes [A8, D4, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryAttributesFile + B 77775F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryFullAttributesFile + B 77776033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationFile + 6 7777667E 4 Bytes [28, D5, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationFile + B 77776683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationThread + 6 777766DE 4 Bytes [28, D6, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationThread + B 777766E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + 6 777769FE 4 Bytes [68, D7, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + B 77776A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtCreateFile + 6 7777560E 4 Bytes [28, 60, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtCreateFile + B 77775613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtMapViewOfSection + 6 77775C6E 4 Bytes [28, 63, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtMapViewOfSection + B 77775C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenFile + 6 77775D1E 4 Bytes [68, 60, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenFile + B 77775D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcess + 6 77775DCE 4 Bytes [A8, 61, F1, 
00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcess + B 77775DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcessToken + 6 77775DDE 4 Bytes CALL 76784F44 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcessToken + B 77775DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcessTokenEx + 6 77775DEE 4 Bytes [A8, 62, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcessTokenEx + B 77775DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThread + 6 77775E4E 4 Bytes [68, 61, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThread + B 77775E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThreadToken + 6 77775E5E 4 Bytes [68, 62, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThreadToken + B 77775E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThreadTokenEx + 6 77775E6E 4 Bytes CALL 76784FD5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThreadTokenEx + B 77775E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtQueryAttributesFile + 6 77775F7E 4 Bytes [A8, 60, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtQueryAttributesFile + B 77775F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtQueryFullAttributesFile + 6 7777602E 4 Bytes CALL 76785193 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtQueryFullAttributesFile + B 77776033 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtSetInformationFile + 6 7777667E 4 Bytes [28, 61, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtSetInformationFile + B 77776683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtSetInformationThread + 6 777766DE 4 Bytes [28, 62, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtSetInformationThread + B 777766E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtUnmapViewOfSection + 6 777769FE 4 Bytes [68, 63, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtUnmapViewOfSection + B 77776A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtCreateFile + 6 7777560E 4 Bytes [28, 94, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtCreateFile + B 77775613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtMapViewOfSection + 6 77775C6E 4 Bytes [28, 97, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtMapViewOfSection + B 77775C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenFile + 6 77775D1E 4 Bytes [68, 94, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenFile + B 77775D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenProcess + 6 77775DCE 4 Bytes [A8, 95, DF, 00] {TEST AL, 0x95; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenProcess + B 77775DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenProcessToken + 6 77775DDE 4 Bytes CALL 76783D78 C:\Windows\system32\SHELL32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenProcessToken + B 77775DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenProcessTokenEx + 6 77775DEE 4 Bytes [A8, 96, DF, 00] {TEST AL, 0x96; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenProcessTokenEx + B 77775DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenThread + 6 77775E4E 4 Bytes [68, 95, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenThread + B 77775E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenThreadToken + 6 77775E5E 4 Bytes [68, 96, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenThreadToken + B 77775E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenThreadTokenEx + 6 77775E6E 4 Bytes CALL 76783E09 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtOpenThreadTokenEx + B 77775E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtQueryAttributesFile + 6 77775F7E 4 Bytes [A8, 94, DF, 00] {TEST AL, 0x94; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtQueryAttributesFile + B 77775F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtQueryFullAttributesFile + 6 7777602E 4 Bytes CALL 76783FC7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtQueryFullAttributesFile + B 77776033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtSetInformationFile + 6 7777667E 4 Bytes [28, 95, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtSetInformationFile + B 
77776683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtSetInformationThread + 6 777766DE 4 Bytes [28, 96, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtSetInformationThread + B 777766E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtUnmapViewOfSection + 6 777769FE 4 Bytes [68, 97, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4220] ntdll.dll!NtUnmapViewOfSection + B 77776A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtCreateFile + 6 7777560E 4 Bytes [28, 20, 8A, 00] {SUB [EAX], AH; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtCreateFile + B 77775613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtMapViewOfSection + 6 77775C6E 4 Bytes [28, 23, 8A, 00] {SUB [EBX], AH; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtMapViewOfSection + B 77775C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenFile + 6 77775D1E 4 Bytes [68, 20, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenFile + B 77775D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcess + 6 77775DCE 4 Bytes [A8, 21, 8A, 00] {TEST AL, 0x21; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcess + B 77775DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcessToken + B 77775DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcessTokenEx + 6 77775DEE 4 Bytes [A8, 22, 8A, 00] {TEST AL, 0x22; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcessTokenEx + B 
77775DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThread + 6 77775E4E 4 Bytes [68, 21, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThread + B 77775E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThreadToken + 6 77775E5E 4 Bytes [68, 22, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThreadToken + B 77775E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThreadTokenEx + B 77775E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtQueryAttributesFile + 6 77775F7E 4 Bytes [A8, 20, 8A, 00] {TEST AL, 0x20; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtQueryAttributesFile + B 77775F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtQueryFullAttributesFile + B 77776033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtSetInformationFile + 6 7777667E 4 Bytes [28, 21, 8A, 00] {SUB [ECX], AH; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtSetInformationFile + B 77776683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtSetInformationThread + 6 777766DE 4 Bytes [28, 22, 8A, 00] {SUB [EDX], AH; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtSetInformationThread + B 777766E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtUnmapViewOfSection + 6 777769FE 4 Bytes [68, 23, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtUnmapViewOfSection + B 77776A03 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \Driver\BTHUSB \Device\0000009b bthport.sys Device \Driver\BTHUSB 
\Device\00000099 bthport.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1dbe9ec Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1dbe9ec (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{D25F348E-EEB8-11E2-B67F-806E6F6E6963} 407459248 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\toto\Downloads\AUTA_PRZYGODY_W_CHŁODNICY_GÓRSKIEJ_2006_PL\setup.exe 1 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----