GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-11 15:57:51 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000077 MAXTOR_S rev.3.AA 465,76GB Running: ifgdusop.exe; Driver: C:\Users\Maniek\AppData\Local\Temp\kwrdrpog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[2204] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077b61465 2 bytes [B6, 77] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[2204] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000077b614bb 2 bytes [B6, 77] .text ... * 2 .text F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b61465 2 bytes [B6, 77] .text F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b614bb 2 bytes [B6, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 00000000779b1398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779b143f 8 bytes [A0, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 501 00000000779b1595 7 bytes [3B, EA, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779b191e 8 bytes [80, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000779b1bf8 8 bytes [70, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000779b1d75 8 bytes [60, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000779b1edf 8 bytes [50, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000779b1fc5 8 bytes [40, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779b27b0 8 bytes [30, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a013e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a01560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a01590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a016b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a01760 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a01d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a01fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a02840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1564] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 00000000779b1398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779b143f 8 bytes [A0, BB, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 501 00000000779b1595 7 bytes [BB, F4, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779b191e 8 bytes [80, BB, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000779b1bf8 8 bytes [70, BB, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000779b1d75 8 bytes [60, BB, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000779b1edf 8 bytes [50, BB, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000779b1fc5 8 bytes [40, BB, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779b27b0 8 bytes [30, BB, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a013e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a01560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a01590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a016b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a01760 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a01d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a01fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a02840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2744] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 00000000779b1398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779b143f 8 bytes [A0, FB, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 501 00000000779b1595 7 bytes [FB, F0, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779b191e 8 bytes [80, FB, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000779b1bf8 8 bytes [70, FB, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000779b1d75 8 bytes [60, FB, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000779b1edf 8 bytes [50, FB, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000779b1fc5 8 bytes [40, FB, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779b27b0 8 bytes [30, FB, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a013e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a01560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a01590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a016b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a01760 8 bytes JMP 10000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a01d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a01fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a02840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 00000000779b1398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779b143f 8 bytes [A0, 3B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 501 00000000779b1595 7 bytes [3B, EB, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779b191e 8 bytes [80, 3B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000779b1bf8 8 bytes {JO 0x3d; JMP 0x3} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000779b1d75 8 bytes [60, 3B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000779b1edf 8 bytes [50, 3B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000779b1fc5 8 bytes [40, 3B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779b27b0 8 bytes {XOR [RBX], BH; JMP 0x3} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a013e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a01560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a01590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a016b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a01760 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a01d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a01fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a02840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 00000000779b1398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779b143f 8 bytes [A0, 2B, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 501 00000000779b1595 7 bytes [2B, EC, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779b191e 8 bytes [80, 2B, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000779b1bf8 8 bytes [70, 2B, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000779b1d75 8 bytes [60, 2B, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000779b1edf 8 bytes [50, 2B, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000779b1fc5 8 bytes [40, 2B, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779b27b0 8 bytes [30, 2B, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a013e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a01560 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a01590 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a016b0 8 bytes JMP 49484746 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a01760 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a01d90 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a01fe0 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a02840 8 bytes JMP 0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 00000000779b1398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779b143f 8 bytes [A0, DB, F3, 7E, 00, 00, 00, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 501 00000000779b1595 7 bytes [DB, F3, 7E, 00, 00, 00, 00] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779b191e 8 bytes [80, DB, F3, 7E, 00, 00, 00, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000779b1bf8 8 bytes [70, DB, F3, 7E, 00, 00, 00, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000779b1d75 8 bytes [60, DB, F3, 7E, 00, 00, 00, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000779b1edf 8 bytes [50, DB, F3, 7E, 00, 00, 00, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000779b1fc5 8 bytes [40, DB, F3, 7E, 00, 00, 00, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779b27b0 8 bytes [30, DB, F3, 7E, 00, 00, 00, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a013e0 8 bytes {JMP QWORD [RIP-0x4f7ee]} .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a01560 8 bytes {JMP QWORD [RIP-0x4f7f1]} .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a01590 8 bytes {JMP QWORD [RIP-0x50157]} .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a016b0 8 bytes {JMP QWORD [RIP-0x4fd98]} .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a01760 8 bytes {JMP QWORD [RIP-0x501d2]} .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a01d90 8 bytes {JMP QWORD [RIP-0x4f5e6]} .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a01fe0 8 bytes {JMP QWORD [RIP-0x50021]} .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a02840 8 bytes {JMP QWORD [RIP-0x50967]} .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\ifgdusop program diagnostyczny\ifgdusop.exe[2404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88003587ad8] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000830 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000830 (not active ControlSet) Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Instalki\Pobrane nowe chrome\V-Ray_v2.00.264.94_SketchUp_2016_win_x64\V-Ray_v2.00.264.94_SketchUp_2016_win_x64\ChaosGroup\xae_V-Ray_v2.00.264.94_SketchUp_2016_win_x64.exe 1 ---- EOF - GMER 2.2 ----