GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-16 16:14:32
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD6400AAKS-65Z7B0 rev.01.03B01 596,17GB
Running: xki9wsbt.exe; Driver: C:\Users\Wilku\AppData\Local\Temp\pgliyfoc.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A47A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A81212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93C1C000, 0x2D5378, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtCreateFile + 6 76F8560E 4 Bytes [28, 34, E2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtCreateFile + B 76F85613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtMapViewOfSection + 6 76F85C6E 4 Bytes [28, 37, E2, 00] {SUB [EDI], DH; LOOP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtMapViewOfSection + B 76F85C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenFile + 6 76F85D1E 4 Bytes [68, 34, E2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenFile + B 76F85D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcess + 6 76F85DCE 4 Bytes [A8, 35, E2, 00] {TEST AL, 0x35; LOOP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcess + B 76F85DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcessToken + 6 76F85DDE 4 Bytes CALL 75F94018 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcessToken + B 76F85DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcessTokenEx + 6 76F85DEE 4 Bytes [A8, 36, E2, 00] {TEST AL, 0x36; LOOP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenProcessTokenEx + B 76F85DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThread + 6 76F85E4E 4 Bytes [68, 35, E2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThread + B 76F85E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThreadToken + 6 76F85E5E 4 Bytes [68, 36, E2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThreadToken + B 76F85E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThreadTokenEx + 6 76F85E6E 4 Bytes CALL 75F940A9 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtOpenThreadTokenEx + B 76F85E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtQueryAttributesFile + 6 76F85F7E 4 Bytes [A8, 34, E2, 00] {TEST AL, 0x34; LOOP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtQueryAttributesFile + B 76F85F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtQueryFullAttributesFile + 6 76F8602E 4 Bytes CALL 75F94267 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtQueryFullAttributesFile + B 76F86033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtSetInformationFile + 6 76F8667E 4 Bytes [28, 35, E2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtSetInformationFile + B 76F86683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtSetInformationThread + 6 76F866DE 4 Bytes [28, 36, E2, 00] {SUB [ESI], DH; LOOP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtSetInformationThread + B 76F866E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtUnmapViewOfSection + 6 76F869FE 4 Bytes [68, 37, E2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1320] ntdll.dll!NtUnmapViewOfSection + B 76F86A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateFile + 6 76F8560E 4 Bytes [28, C4, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateFile + B 76F85613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtMapViewOfSection + 6 76F85C6E 4 Bytes [28, C7, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtMapViewOfSection + B 76F85C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenFile + 6 76F85D1E 4 Bytes [68, C4, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenFile + B 76F85D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcess + 6 76F85DCE 4 Bytes [A8, C5, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcess + B 76F85DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessToken + 6 76F85DDE 4 Bytes CALL 75F921A8 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessToken + B 76F85DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessTokenEx + 6 76F85DEE 4 Bytes [A8, C6, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessTokenEx + B 76F85DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThread + 6 76F85E4E 4 Bytes [68, C5, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThread + B 76F85E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadToken + 6 76F85E5E 4 Bytes [68, C6, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadToken + B 76F85E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadTokenEx + 6 76F85E6E 4 Bytes CALL 75F92239 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadTokenEx + B 76F85E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryAttributesFile + 6 76F85F7E 4 Bytes [A8, C4, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryAttributesFile + B 76F85F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryFullAttributesFile + 6 76F8602E 4 Bytes CALL 75F923F7 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryFullAttributesFile + B 76F86033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationFile + 6 76F8667E 4 Bytes [28, C5, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationFile + B 76F86683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationThread + 6 76F866DE 4 Bytes [28, C6, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationThread + B 76F866E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtUnmapViewOfSection + 6 76F869FE 4 Bytes [68, C7, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtUnmapViewOfSection + B 76F86A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtCreateFile + 6 76F8560E 4 Bytes [28, 80, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtCreateFile + B 76F85613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtMapViewOfSection + 6 76F85C6E 4 Bytes [28, 83, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtMapViewOfSection + B 76F85C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenFile + 6 76F85D1E 4 Bytes [68, 80, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenFile + B 76F85D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenProcess + 6 76F85DCE 4 Bytes [A8, 81, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenProcess + B 76F85DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenProcessToken + 6 76F85DDE 4 Bytes CALL 75F8BE64 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenProcessToken + B 76F85DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenProcessTokenEx + 6 76F85DEE 4 Bytes [A8, 82, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenProcessTokenEx + B 76F85DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenThread + 6 76F85E4E 4 Bytes [68, 81, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenThread + B 76F85E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenThreadToken + 6 76F85E5E 4 Bytes [68, 82, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenThreadToken + B 76F85E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenThreadTokenEx + 6 76F85E6E 4 Bytes CALL 75F8BEF5 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtOpenThreadTokenEx + B 76F85E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtQueryAttributesFile + 6 76F85F7E 4 Bytes [A8, 80, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtQueryAttributesFile + B 76F85F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtQueryFullAttributesFile + 6 76F8602E 4 Bytes CALL 75F8C0B3 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtQueryFullAttributesFile + B 76F86033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtSetInformationFile + 6 76F8667E 4 Bytes [28, 81, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtSetInformationFile + B 76F86683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtSetInformationThread + 6 76F866DE 4 Bytes [28, 82, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtSetInformationThread + B 76F866E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtUnmapViewOfSection + 6 76F869FE 4 Bytes [68, 83, 60, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtUnmapViewOfSection + B 76F86A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtMapViewOfSection + 6 76F85C6E 4 Bytes [18, 10, C9, 6B]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtMapViewOfSection + B 76F85C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtCreateFile + 6 76F8560E 4 Bytes [28, A8, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtCreateFile + B 76F85613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + 6 76F85C6E 4 Bytes [28, AB, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + B 76F85C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenFile + 6 76F85D1E 4 Bytes [68, A8, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenFile + B 76F85D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcess + 6 76F85DCE 4 Bytes [A8, A9, E3, 00] {TEST AL, 0xa9; JECXZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcess + B 76F85DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessToken + 6 76F85DDE 4 Bytes CALL 75F9418C C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessToken + B 76F85DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessTokenEx + 6 76F85DEE 4 Bytes [A8, AA, E3, 00] {TEST AL, 0xaa; JECXZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessTokenEx + B 76F85DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThread + 6 76F85E4E 4 Bytes [68, A9, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThread + B 76F85E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadToken + 6 76F85E5E 4 Bytes [68, AA, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadToken + B 76F85E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadTokenEx + 6 76F85E6E 4 Bytes CALL 75F9421D C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadTokenEx + B 76F85E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryAttributesFile + 6 76F85F7E 4 Bytes [A8, A8, E3, 00] {TEST AL, 0xa8; JECXZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryAttributesFile + B 76F85F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryFullAttributesFile + 6 76F8602E 4 Bytes CALL 75F943DB C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryFullAttributesFile + B 76F86033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationFile + 6 76F8667E 4 Bytes [28, A9, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationFile + B 76F86683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationThread + 6 76F866DE 4 Bytes [28, AA, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationThread + B 76F866E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + 6 76F869FE 4 Bytes [68, AB, E3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + B 76F86A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtCreateFile + 6 76F8560E 4 Bytes [28, 98, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtCreateFile + B 76F85613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtMapViewOfSection + 6 76F85C6E 4 Bytes [28, 9B, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtMapViewOfSection + B 76F85C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenFile + 6 76F85D1E 4 Bytes [68, 98, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenFile + B 76F85D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcess + 6 76F85DCE 4 Bytes [A8, 99, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcess + B 76F85DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessToken + 6 76F85DDE 4 Bytes CALL 75F8FC7C C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessToken + B 76F85DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessTokenEx + 6 76F85DEE 4 Bytes [A8, 9A, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenProcessTokenEx + B 76F85DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThread + 6 76F85E4E 4 Bytes [68, 99, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThread + B 76F85E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadToken + 6 76F85E5E 4 Bytes [68, 9A, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadToken + B 76F85E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadTokenEx + 6 76F85E6E 4 Bytes CALL 75F8FD0D C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtOpenThreadTokenEx + B 76F85E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryAttributesFile + 6 76F85F7E 4 Bytes [A8, 98, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryAttributesFile + B 76F85F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryFullAttributesFile + 6 76F8602E 4 Bytes CALL 75F8FECB C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtQueryFullAttributesFile + B 76F86033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationFile + 6 76F8667E 4 Bytes [28, 99, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationFile + B 76F86683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationThread + 6 76F866DE 4 Bytes [28, 9A, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtSetInformationThread + B 76F866E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtUnmapViewOfSection + 6 76F869FE 4 Bytes [68, 9B, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] ntdll.dll!NtUnmapViewOfSection + B 76F86A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtCreateFile + 6 76F8560E 4 Bytes [28, 78, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtCreateFile + B 76F85613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtMapViewOfSection + 6 76F85C6E 4 Bytes [28, 7B, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtMapViewOfSection + B 76F85C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenFile + 6 76F85D1E 4 Bytes [68, 78, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenFile + B 76F85D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcess + 6 76F85DCE 4 Bytes [A8, 79, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcess + B 76F85DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessToken + 6 76F85DDE 4 Bytes CALL 75F89D5C C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessToken + B 76F85DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessTokenEx + 6 76F85DEE 4 Bytes [A8, 7A, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenProcessTokenEx + B 76F85DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThread + 6 76F85E4E 4 Bytes [68, 79, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThread + B 76F85E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadToken + 6 76F85E5E 4 Bytes [68, 7A, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadToken + B 76F85E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadTokenEx + 6 76F85E6E 4 Bytes CALL 75F89DED C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtOpenThreadTokenEx + B 76F85E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryAttributesFile + 6 76F85F7E 4 Bytes [A8, 78, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryAttributesFile + B 76F85F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryFullAttributesFile + 6 76F8602E 4 Bytes CALL 75F89FAB C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtQueryFullAttributesFile + B 76F86033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationFile + 6 76F8667E 4 Bytes [28, 79, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationFile + B 76F86683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationThread + 6 76F866DE 4 Bytes [28, 7A, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtSetInformationThread + B 76F866E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtUnmapViewOfSection + 6 76F869FE 4 Bytes [68, 7B, 3F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3872] ntdll.dll!NtUnmapViewOfSection + B 76F86A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtCreateFile + 6 76F8560E 4 Bytes [28, 30, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtCreateFile + B 76F85613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtMapViewOfSection + 6 76F85C6E 4 Bytes [28, 33, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtMapViewOfSection + B 76F85C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenFile + 6 76F85D1E 4 Bytes [68, 30, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenFile + B 76F85D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcess + 6 76F85DCE 4 Bytes [A8, 31, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcess + B 76F85DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessToken + 6 76F85DDE 4 Bytes CALL 75F8FD14 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessToken + B 76F85DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessTokenEx + 6 76F85DEE 4 Bytes [A8, 32, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessTokenEx + B 76F85DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThread + 6 76F85E4E 4 Bytes [68, 31, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThread + B 76F85E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadToken + 6 76F85E5E 4 Bytes [68, 32, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadToken + B 76F85E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadTokenEx + 6 76F85E6E 4 Bytes CALL 75F8FDA5 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadTokenEx + B 76F85E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryAttributesFile + 6 76F85F7E 4 Bytes [A8, 30, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryAttributesFile + B 76F85F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryFullAttributesFile + 6 76F8602E 4 Bytes CALL 75F8FF63 C:\Windows\system32\ADVAPI32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryFullAttributesFile + B 76F86033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationFile + 6 76F8667E 4 Bytes [28, 31, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationFile + B 76F86683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationThread + 6 76F866DE 4 Bytes [28, 32, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationThread + B 76F866E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtUnmapViewOfSection + 6 76F869FE 4 Bytes [68, 33, 9F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtUnmapViewOfSection + B 76F86A03 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device \Driver\BTHUSB \Device\00000065 bthport.sys
Device \Driver\BTHUSB \Device\00000067 bthport.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57
Reg HKLM\SYSTEM\ControlSet002\Control\WMI\Autologger\WFP-IPsec Trace\{AD33FA19-F2D2-46D1-8F4C-E3C3087E45AD}@Enabled 1
Reg HKLM\SYSTEM\ControlSet002\Control\WMI\Autologger\WFP-IPsec Trace\{AD33FA19-F2D2-46D1-8F4C-E3C3087E45AD}@EnableLevel 4
Reg HKLM\SYSTEM\ControlSet002\Control\WMI\Autologger\WFP-IPsec Trace\{AD33FA19-F2D2-46D1-8F4C-E3C3087E45AD}@MatchAnyKeyword 0xFF 0xFF 0xFF 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57 (not active ControlSet)

---- EOF - GMER 2.1 ----