GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-16 11:24:02 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: v6jyeyoo.exe; Driver: C:\Users\Anna\AppData\Local\Temp\aftcqaog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x928FE7F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x928FE8B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x928FE870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x928FE830] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1401 82C7A9C9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C9A4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 14CB 82CA1888 4 Bytes [F0, E7, 8F, 92] {OUT 0x8f, EAX; XCHG EDX, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 15DB 82CA1998 4 Bytes [B0, E8, 8F, 92] .text ntoskrnl.exe!KeRemoveQueueEx + 18E7 82CA1CA4 4 Bytes [70, E8, 8F, 92] .text ntoskrnl.exe!KeRemoveQueueEx + 192F 82CA1CEC 4 Bytes [30, E8, 8F, 92] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9502A000, 0x2D5378, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1888] kernel32.dll!SetUnhandledExceptionFilter 7759F4FB 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile + 6 77AD55CE 4 Bytes [28, 60, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile + B 77AD55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtMapViewOfSection + 6 77AD5C2E 4 Bytes [28, 63, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtMapViewOfSection + B 77AD5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenFile + 6 77AD5CDE 4 Bytes [68, 60, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenFile + B 77AD5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcess + 6 77AD5D8E 4 Bytes [A8, 61, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcess + B 77AD5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessToken + B 77AD5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessTokenEx + 6 77AD5DAE 4 Bytes [A8, 62, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessTokenEx + B 77AD5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThread + 6 77AD5E0E 4 Bytes [68, 61, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThread + B 77AD5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadToken + 6 77AD5E1E 4 Bytes [68, 62, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadToken + B 77AD5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadTokenEx + B 77AD5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryAttributesFile + 6 77AD5F3E 4 Bytes [A8, 60, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryAttributesFile + B 77AD5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryFullAttributesFile + B 77AD5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationFile + 6 77AD663E 4 Bytes [28, 61, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationFile + B 77AD6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationThread + 6 77AD669E 4 Bytes [28, 62, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationThread + B 77AD66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnmapViewOfSection + 6 77AD69BE 4 Bytes [68, 63, 37, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnmapViewOfSection + B 77AD69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtCreateFile + 6 77AD55CE 4 Bytes [28, 1C, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtCreateFile + B 77AD55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtMapViewOfSection + 6 77AD5C2E 4 Bytes [28, 1F, 2C, 00] {SUB [EDI], BL; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtMapViewOfSection + B 77AD5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenFile + 6 77AD5CDE 4 Bytes [68, 1C, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenFile + B 77AD5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenProcess + 6 77AD5D8E 4 Bytes [A8, 1D, 2C, 00] {TEST AL, 0x1d; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenProcess + B 77AD5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenProcessToken + B 77AD5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenProcessTokenEx + 6 77AD5DAE 4 Bytes [A8, 1E, 2C, 00] {TEST AL, 0x1e; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenProcessTokenEx + B 77AD5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenThread + 6 77AD5E0E 4 Bytes [68, 1D, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenThread + B 77AD5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenThreadToken + 6 77AD5E1E 4 Bytes [68, 1E, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenThreadToken + B 77AD5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtOpenThreadTokenEx + B 77AD5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtQueryAttributesFile + 6 77AD5F3E 4 Bytes [A8, 1C, 2C, 00] {TEST AL, 0x1c; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtQueryAttributesFile + B 77AD5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtQueryFullAttributesFile + B 77AD5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtSetInformationFile + 6 77AD663E 4 Bytes [28, 1D, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtSetInformationFile + B 77AD6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtSetInformationThread + 6 77AD669E 4 Bytes [28, 1E, 2C, 00] {SUB [ESI], BL; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtSetInformationThread + B 77AD66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtUnmapViewOfSection + 6 77AD69BE 4 Bytes [68, 1F, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3032] ntdll.dll!NtUnmapViewOfSection + B 77AD69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtMapViewOfSection + 6 77AD5C2E 4 Bytes [18, 20, 48, 66] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtMapViewOfSection + B 77AD5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtCreateFile + 6 77AD55CE 4 Bytes [28, 8C, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtCreateFile + B 77AD55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtMapViewOfSection + 6 77AD5C2E 4 Bytes [28, 8F, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtMapViewOfSection + B 77AD5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenFile + 6 77AD5CDE 4 Bytes [68, 8C, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenFile + B 77AD5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcess + 6 77AD5D8E 4 Bytes [A8, 8D, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcess + B 77AD5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcessToken + B 77AD5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcessTokenEx + 6 77AD5DAE 4 Bytes [A8, 8E, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenProcessTokenEx + B 77AD5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThread + 6 77AD5E0E 4 Bytes [68, 8D, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThread + B 77AD5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThreadToken + 6 77AD5E1E 4 Bytes [68, 8E, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThreadToken + B 77AD5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtOpenThreadTokenEx + B 77AD5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtQueryAttributesFile + 6 77AD5F3E 4 Bytes [A8, 8C, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtQueryAttributesFile + B 77AD5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtQueryFullAttributesFile + B 77AD5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtSetInformationFile + 6 77AD663E 4 Bytes [28, 8D, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtSetInformationFile + B 77AD6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtSetInformationThread + 6 77AD669E 4 Bytes [28, 8E, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtSetInformationThread + B 77AD66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtUnmapViewOfSection + 6 77AD69BE 4 Bytes [68, 8F, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4128] ntdll.dll!NtUnmapViewOfSection + B 77AD69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtCreateFile + 6 77AD55CE 4 Bytes [28, 7C, 28, 00] {SUB [EAX+EBP+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtCreateFile + B 77AD55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtMapViewOfSection + 6 77AD5C2E 4 Bytes [28, 7F, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtMapViewOfSection + B 77AD5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenFile + 6 77AD5CDE 4 Bytes [68, 7C, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenFile + B 77AD5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcess + 6 77AD5D8E 4 Bytes [A8, 7D, 28, 00] {TEST AL, 0x7d; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcess + B 77AD5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcessToken + B 77AD5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcessTokenEx + 6 77AD5DAE 4 Bytes [A8, 7E, 28, 00] {TEST AL, 0x7e; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcessTokenEx + B 77AD5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThread + 6 77AD5E0E 4 Bytes [68, 7D, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThread + B 77AD5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThreadToken + 6 77AD5E1E 4 Bytes [68, 7E, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThreadToken + B 77AD5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThreadTokenEx + B 77AD5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtQueryAttributesFile + 6 77AD5F3E 4 Bytes [A8, 7C, 28, 00] {TEST AL, 0x7c; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtQueryAttributesFile + B 77AD5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtQueryFullAttributesFile + B 77AD5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationFile + 6 77AD663E 4 Bytes [28, 7D, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationFile + B 77AD6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationThread + 6 77AD669E 4 Bytes [28, 7E, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationThread + B 77AD66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtUnmapViewOfSection + 6 77AD69BE 4 Bytes [68, 7F, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtUnmapViewOfSection + B 77AD69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtCreateFile + 6 77AD55CE 4 Bytes [28, 18, FF, 00] {SUB [EAX], BL; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtCreateFile + B 77AD55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtMapViewOfSection + 6 77AD5C2E 4 Bytes [28, 1B, FF, 00] {SUB [EBX], BL; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtMapViewOfSection + B 77AD5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenFile + 6 77AD5CDE 4 Bytes [68, 18, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenFile + B 77AD5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcess + 6 77AD5D8E 4 Bytes [A8, 19, FF, 00] {TEST AL, 0x19; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcess + B 77AD5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessToken + B 77AD5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessTokenEx + 6 77AD5DAE 4 Bytes [A8, 1A, FF, 00] {TEST AL, 0x1a; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessTokenEx + B 77AD5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThread + 6 77AD5E0E 4 Bytes [68, 19, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThread + B 77AD5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadToken + 6 77AD5E1E 4 Bytes [68, 1A, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadToken + B 77AD5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadTokenEx + B 77AD5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryAttributesFile + 6 77AD5F3E 4 Bytes [A8, 18, FF, 00] {TEST AL, 0x18; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryAttributesFile + B 77AD5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryFullAttributesFile + B 77AD5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationFile + 6 77AD663E 4 Bytes [28, 19, FF, 00] {SUB [ECX], BL; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationFile + B 77AD6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationThread + 6 77AD669E 4 Bytes [28, 1A, FF, 00] {SUB [EDX], BL; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationThread + B 77AD66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtUnmapViewOfSection + 6 77AD69BE 4 Bytes [68, 1B, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtUnmapViewOfSection + B 77AD69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtCreateFile + 6 77AD55CE 4 Bytes [28, 48, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtCreateFile + B 77AD55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtMapViewOfSection + 6 77AD5C2E 4 Bytes [28, 4B, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtMapViewOfSection + B 77AD5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenFile + 6 77AD5CDE 4 Bytes [68, 48, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenFile + B 77AD5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcess + 6 77AD5D8E 4 Bytes [A8, 49, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcess + B 77AD5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcessToken + B 77AD5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcessTokenEx + 6 77AD5DAE 4 Bytes [A8, 4A, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcessTokenEx + B 77AD5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThread + 6 77AD5E0E 4 Bytes [68, 49, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThread + B 77AD5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThreadToken + 6 77AD5E1E 4 Bytes [68, 4A, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThreadToken + B 77AD5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThreadTokenEx + B 77AD5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtQueryAttributesFile + 6 77AD5F3E 4 Bytes [A8, 48, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtQueryAttributesFile + B 77AD5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtQueryFullAttributesFile + B 77AD5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationFile + 6 77AD663E 4 Bytes [28, 49, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationFile + B 77AD6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationThread + 6 77AD669E 4 Bytes [28, 4A, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationThread + B 77AD66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtUnmapViewOfSection + 6 77AD69BE 4 Bytes [68, 4B, 0F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtUnmapViewOfSection + B 77AD69C3 1 Byte [E2] .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[5700] USER32.dll!RegisterClipboardFormatA 75F2C091 5 Bytes JMP 5DC87ED2 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[5700] USER32.dll!RegisterClipboardFormatW 75F2DF8D 5 Bytes JMP 5DC82728 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[5700] USER32.dll!BeginPaint 75F35D14 5 Bytes JMP 5DC96F41 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[5700] USER32.dll!ValidateRect 75F4F089 5 Bytes JMP 5DDD3097 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtCreateFile + 6 77AD55CE 4 Bytes [28, EC, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtCreateFile + B 77AD55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtMapViewOfSection + 6 77AD5C2E 4 Bytes [28, EF, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtMapViewOfSection + B 77AD5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenFile + 6 77AD5CDE 4 Bytes [68, EC, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenFile + B 77AD5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenProcess + 6 77AD5D8E 4 Bytes [A8, ED, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenProcess + B 77AD5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenProcessToken + B 77AD5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenProcessTokenEx + 6 77AD5DAE 4 Bytes [A8, EE, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenProcessTokenEx + B 77AD5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenThread + 6 77AD5E0E 4 Bytes [68, ED, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenThread + B 77AD5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenThreadToken + 6 77AD5E1E 4 Bytes [68, EE, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenThreadToken + B 77AD5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtOpenThreadTokenEx + B 77AD5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtQueryAttributesFile + 6 77AD5F3E 4 Bytes [A8, EC, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtQueryAttributesFile + B 77AD5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtQueryFullAttributesFile + B 77AD5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtSetInformationFile + 6 77AD663E 4 Bytes [28, ED, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtSetInformationFile + B 77AD6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtSetInformationThread + 6 77AD669E 4 Bytes [28, EE, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtSetInformationThread + B 77AD66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtUnmapViewOfSection + 6 77AD69BE 4 Bytes [68, EF, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5768] ntdll.dll!NtUnmapViewOfSection + B 77AD69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtCreateFile + 6 77AD55CE 4 Bytes [28, B0, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtCreateFile + B 77AD55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtMapViewOfSection + 6 77AD5C2E 4 Bytes [28, B3, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtMapViewOfSection + B 77AD5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenFile + 6 77AD5CDE 4 Bytes [68, B0, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenFile + B 77AD5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenProcess + 6 77AD5D8E 4 Bytes [A8, B1, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenProcess + B 77AD5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenProcessToken + B 77AD5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenProcessTokenEx + 6 77AD5DAE 4 Bytes [A8, B2, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenProcessTokenEx + B 77AD5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenThread + 6 77AD5E0E 4 Bytes [68, B1, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenThread + B 77AD5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenThreadToken + 6 77AD5E1E 4 Bytes [68, B2, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenThreadToken + B 77AD5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenThreadTokenEx + B 77AD5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtQueryAttributesFile + 6 77AD5F3E 4 Bytes [A8, B0, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtQueryAttributesFile + B 77AD5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtQueryFullAttributesFile + B 77AD5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtSetInformationFile + 6 77AD663E 4 Bytes [28, B1, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtSetInformationFile + B 77AD6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtSetInformationThread + 6 77AD669E 4 Bytes [28, B2, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtSetInformationThread + B 77AD66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtUnmapViewOfSection + 6 77AD69BE 4 Bytes [68, B3, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtUnmapViewOfSection + B 77AD69C3 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748624CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7484562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748456EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74862546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748585AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74854D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74855105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748551DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74856707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74858301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74858850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748590B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7485E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74854C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839dfa74c44 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839dfa74c44@28987ba62874 0x0A 0xE4 0x11 0x5E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839dfa74c44@0024919a2094 0xF2 0xC0 0xE9 0x95 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839dfa74c44 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839dfa74c44@28987ba62874 0x0A 0xE4 0x11 0x5E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839dfa74c44@0024919a2094 0xF2 0xC0 0xE9 0x95 ... ---- EOF - GMER 2.1 ----