GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-23 08:29:59
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM321HI rev.2AJ10003 298,09GB
Running: sbrgo8yg.exe; Driver: C:\Users\Natalia\AppData\Local\Temp\uxldapow.sys

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D  82C82A15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82CBC212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x90C26000, 0x2FC146, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtClose  77895508 5 Bytes  JMP 66118630 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtCreateFile  77895608 5 Bytes  JMP 66118470 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtFlushBuffersFile  77895998 5 Bytes  JMP 661372A0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtLockFile  77895BD8 5 Bytes  JMP 66137390 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtMapViewOfSection + 6  77895C6E 4 Bytes  [18, 00, 2F, 66]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtMapViewOfSection + B  77895C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtOpenFile  77895D18 5 Bytes  JMP 661183E0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtQueryInformationFile  77896058 5 Bytes  JMP 661186B0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtReadFile  778962F8 5 Bytes  JMP 66118510 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtSetInformationFile  77896678 5 Bytes  JMP 66118740 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtUnlockFile  778969D8 5 Bytes  JMP 66137420 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtWriteFile  77896AA8 5 Bytes  JMP 661185A0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtClose  77895508 5 Bytes  JMP 66118630 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtCreateFile  77895608 5 Bytes  JMP 66118470 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtCreateFile + 6  7789560E 4 Bytes  [28, 9C, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtCreateFile + B  77895613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtFlushBuffersFile  77895998 5 Bytes  JMP 661372A0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtLockFile  77895BD8 5 Bytes  JMP 66137390 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtMapViewOfSection + 6  77895C6E 4 Bytes  [28, 9F, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtMapViewOfSection + B  77895C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenFile  77895D18 5 Bytes  JMP 661183E0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenFile + 6  77895D1E 4 Bytes  [68, 9C, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenFile + B  77895D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcess + 6  77895DCE 4 Bytes  [A8, 9D, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcess + B  77895DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcessToken + 6  77895DDE 4 Bytes  CALL 768A2980 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcessToken + B  77895DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcessTokenEx + 6  77895DEE 4 Bytes  [A8, 9E, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcessTokenEx + B  77895DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThread + 6  77895E4E 4 Bytes  [68, 9D, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThread + B  77895E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThreadToken + 6  77895E5E 4 Bytes  [68, 9E, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThreadToken + B  77895E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThreadTokenEx + 6  77895E6E 4 Bytes  CALL 768A2A11 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThreadTokenEx + B  77895E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtQueryAttributesFile + 6  77895F7E 4 Bytes  [A8, 9C, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtQueryAttributesFile + B  77895F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtQueryFullAttributesFile + 6  7789602E 4 Bytes  CALL 768A2BCF C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtQueryFullAttributesFile + B  77896033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtQueryInformationFile  77896058 5 Bytes  JMP 661186B0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtReadFile  778962F8 5 Bytes  JMP 66118510 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtSetInformationFile  77896678 5 Bytes  JMP 66118740 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtSetInformationFile + 6  7789667E 4 Bytes  [28, 9D, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtSetInformationFile + B  77896683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtSetInformationThread + 6  778966DE 4 Bytes  [28, 9E, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtSetInformationThread + B  778966E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtUnlockFile  778969D8 5 Bytes  JMP 66137420 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtUnmapViewOfSection + 6  778969FE 4 Bytes  [68, 9F, CB, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtUnmapViewOfSection + B  77896A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtWriteFile  77896AA8 5 Bytes  JMP 661185A0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtClose  77895508 5 Bytes  JMP 66118630 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtCreateFile  77895608 5 Bytes  JMP 66118470 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtCreateFile + 6  7789560E 4 Bytes  [28, 94, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtCreateFile + B  77895613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtFlushBuffersFile  77895998 5 Bytes  JMP 661372A0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtLockFile  77895BD8 5 Bytes  JMP 66137390 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtMapViewOfSection + 6  77895C6E 4 Bytes  [28, 97, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtMapViewOfSection + B  77895C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenFile  77895D18 5 Bytes  JMP 661183E0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenFile + 6  77895D1E 4 Bytes  [68, 94, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenFile + B  77895D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcess + 6  77895DCE 4 Bytes  [A8, 95, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcess + B  77895DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcessToken + 6  77895DDE 4 Bytes  CALL 768A5078 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcessToken + B  77895DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcessTokenEx + 6  77895DEE 4 Bytes  [A8, 96, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenProcessTokenEx + B  77895DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThread + 6  77895E4E 4 Bytes  [68, 95, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThread + B  77895E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThreadToken + 6  77895E5E 4 Bytes  [68, 96, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThreadToken + B  77895E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThreadTokenEx + 6  77895E6E 4 Bytes  CALL 768A5109 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtOpenThreadTokenEx + B  77895E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtQueryAttributesFile + 6  77895F7E 4 Bytes  [A8, 94, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtQueryAttributesFile + B  77895F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtQueryFullAttributesFile + 6  7789602E 4 Bytes  CALL 768A52C7 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtQueryFullAttributesFile + B  77896033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtQueryInformationFile  77896058 5 Bytes  JMP 661186B0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtReadFile  778962F8 5 Bytes  JMP 66118510 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtSetInformationFile  77896678 5 Bytes  JMP 66118740 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtSetInformationFile + 6  7789667E 4 Bytes  [28, 95, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtSetInformationFile + B  77896683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtSetInformationThread + 6  778966DE 4 Bytes  [28, 96, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtSetInformationThread + B  778966E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtUnlockFile  778969D8 5 Bytes  JMP 66137420 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtUnmapViewOfSection + 6  778969FE 4 Bytes  [68, 97, F2, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtUnmapViewOfSection + B  77896A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2548] ntdll.dll!NtWriteFile  77896AA8 5 Bytes  JMP 661185A0 C:\Program Files\Settings Manager\systemk\systemk.dll
       C:\Users\Natalia\AppData\Local\winlogon.exe[2816] C:\Users\Natalia\AppData\Local\winlogon.exe  entry point in "ÒuÛŠëÔÿÿÿÿ" section [0x0042F4D5]
       C:\Users\Natalia\AppData\Local\winlogon.exe[2816] C:\Users\Natalia\AppData\Local\winlogon.exe  unknown last code section [0x00425000, 0x19000, 0xC00000E0]
       C:\Users\Natalia\AppData\Local\services.exe[2932] C:\Users\Natalia\AppData\Local\services.exe  entry point in "ÒuÛŠëÔÿÿÿÿ" section [0x0042F4D5]
       C:\Users\Natalia\AppData\Local\services.exe[2932] C:\Users\Natalia\AppData\Local\services.exe  unknown last code section [0x00425000, 0x19000, 0xC00000E0]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtClose  77895508 5 Bytes  JMP 66118630 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtCreateFile  77895608 5 Bytes  JMP 66118470 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtCreateFile + 6  7789560E 4 Bytes  [28, 74, 4F, 00] {SUB [EDI+ECX*2+0x0], DH}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtCreateFile + B  77895613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtFlushBuffersFile  77895998 5 Bytes  JMP 661372A0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtLockFile  77895BD8 5 Bytes  JMP 66137390 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + 6  77895C6E 4 Bytes  [28, 77, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + B  77895C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenFile  77895D18 5 Bytes  JMP 661183E0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenFile + 6  77895D1E 4 Bytes  [68, 74, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenFile + B  77895D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcess + 6  77895DCE 4 Bytes  [A8, 75, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcess + B  77895DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessToken + 6  77895DDE 4 Bytes  CALL 7689AD58 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessToken + B  77895DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessTokenEx + 6  77895DEE 4 Bytes  [A8, 76, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessTokenEx + B  77895DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThread + 6  77895E4E 4 Bytes  [68, 75, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThread + B  77895E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadToken + 6  77895E5E 4 Bytes  [68, 76, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadToken + B  77895E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadTokenEx + 6  77895E6E 4 Bytes  CALL 7689ADE9 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadTokenEx + B  77895E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryAttributesFile + 6  77895F7E 4 Bytes  [A8, 74, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryAttributesFile + B  77895F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryFullAttributesFile + 6  7789602E 4 Bytes  CALL 7689AFA7 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryFullAttributesFile + B  77896033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryInformationFile  77896058 5 Bytes  JMP 661186B0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtReadFile  778962F8 5 Bytes  JMP 66118510 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationFile  77896678 5 Bytes  JMP 66118740 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationFile + 6  7789667E 4 Bytes  [28, 75, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationFile + B  77896683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationThread + 6  778966DE 4 Bytes  [28, 76, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationThread + B  778966E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnlockFile  778969D8 5 Bytes  JMP 66137420 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + 6  778969FE 4 Bytes  [68, 77, 4F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + B  77896A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtWriteFile  77896AA8 5 Bytes  JMP 661185A0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtClose  77895508 5 Bytes  JMP 66118630 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtCreateFile  77895608 5 Bytes  JMP 66118470 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtCreateFile + 6  7789560E 4 Bytes  [28, D0, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtCreateFile + B  77895613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtFlushBuffersFile  77895998 5 Bytes  JMP 661372A0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtLockFile  77895BD8 5 Bytes  JMP 66137390 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtMapViewOfSection + 6  77895C6E 4 Bytes  [28, D3, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtMapViewOfSection + B  77895C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenFile  77895D18 5 Bytes  JMP 661183E0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenFile + 6  77895D1E 4 Bytes  [68, D0, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenFile + B  77895D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcess + 6  77895DCE 4 Bytes  [A8, D1, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcess + B  77895DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessToken + 6  77895DDE 4 Bytes  CALL 7689BEB4 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessToken + B  77895DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessTokenEx + 6  77895DEE 4 Bytes  [A8, D2, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessTokenEx + B  77895DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThread + 6  77895E4E 4 Bytes  [68, D1, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThread + B  77895E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadToken + 6  77895E5E 4 Bytes  [68, D2, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadToken + B  77895E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadTokenEx + 6  77895E6E 4 Bytes  CALL 7689BF45 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadTokenEx + B  77895E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryAttributesFile + 6  77895F7E 4 Bytes  [A8, D0, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryAttributesFile + B  77895F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryFullAttributesFile + 6  7789602E 4 Bytes  CALL 7689C103 C:\Windows\system32\WININET.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryFullAttributesFile + B  77896033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryInformationFile  77896058 5 Bytes  JMP 661186B0 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtReadFile  778962F8 5 Bytes  JMP 66118510 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationFile  77896678 5 Bytes  JMP 66118740 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationFile + 6  7789667E 4 Bytes  [28, D1, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationFile + B  77896683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationThread + 6  778966DE 4 Bytes  [28, D2, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationThread + B  778966E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtUnlockFile  778969D8 5 Bytes  JMP 66137420 C:\Program Files\Settings Manager\systemk\systemk.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtUnmapViewOfSection + 6  778969FE 4 Bytes  [68, D3, 60, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtUnmapViewOfSection + B  77896A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtWriteFile  77896AA8 5 Bytes  JMP 661185A0 C:\Program Files\Settings Manager\systemk\systemk.dll

---- Devices - GMER 2.1 ----

Device  Ntfs.sys
Device  fastfat.SYS
Device  \Driver\BTHUSB \Device\00000079  bthport.sys
Device  \Driver\BTHUSB \Device\0000007b  bthport.sys
AttachedDevice  fltmgr.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a8290a4d0
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a8290a4d0 (not active ControlSet)
Reg  HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\4B53C238-234E-4152-9CC7-ADC30DC5B6B5@IPAddress  127.0.0.1
Reg  HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval  604800

---- EOF - GMER 2.1 ----