GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-09 19:14:48 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB Running: rwsrd8cn.exe; Driver: C:\Users\Artur\AppData\Local\Temp\kwtorpog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtCreateFile + 6 77A443DA 4 Bytes [28, C4, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtCreateFile + B 77A443DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtMapViewOfSection + 6 77A44B2A 4 Bytes [28, C7, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtMapViewOfSection + B 77A44B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenFile + 6 77A44BBA 4 Bytes [68, C4, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenFile + B 77A44BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcess + 6 77A44C3A 4 Bytes [A8, C5, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcess + B 77A44C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcessToken + B 77A44C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcessTokenEx + 6 77A44C5A 4 Bytes [A8, C6, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcessTokenEx + B 77A44C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThread + 6 77A44CAA 4 Bytes [68, C5, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThread + B 77A44CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThreadToken + 6 77A44CBA 4 Bytes [68, C6, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThreadToken + B 77A44CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThreadTokenEx + B 77A44CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtQueryAttributesFile + 6 77A44D5A 4 Bytes [A8, C4, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtQueryAttributesFile + B 77A44D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtQueryFullAttributesFile + B 77A44E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtSetInformationFile + 6 77A452EA 4 Bytes [28, C5, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtSetInformationFile + B 77A452EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtSetInformationThread + 6 77A4533A 4 Bytes [28, C6, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtSetInformationThread + B 77A4533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtUnmapViewOfSection + 6 77A455DA 4 Bytes [68, C7, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtUnmapViewOfSection + B 77A455DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtCreateFile + 6 77A443DA 4 Bytes [28, 4C, 75, 00] {SUB [EBP+ESI*2+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtCreateFile + B 77A443DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtMapViewOfSection + 6 77A44B2A 4 Bytes [28, 4F, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtMapViewOfSection + B 77A44B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenFile + 6 77A44BBA 4 Bytes [68, 4C, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenFile + B 77A44BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcess + 6 77A44C3A 4 Bytes [A8, 4D, 75, 00] {TEST AL, 0x4d; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcess + B 77A44C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessToken + B 77A44C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessTokenEx + 6 77A44C5A 4 Bytes [A8, 4E, 75, 00] {TEST AL, 0x4e; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessTokenEx + B 77A44C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThread + 6 77A44CAA 4 Bytes [68, 4D, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThread + B 77A44CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadToken + 6 77A44CBA 4 Bytes [68, 4E, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadToken + B 77A44CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadTokenEx + B 77A44CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryAttributesFile + 6 77A44D5A 4 Bytes [A8, 4C, 75, 00] {TEST AL, 0x4c; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryAttributesFile + B 77A44D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryFullAttributesFile + B 77A44E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationFile + 6 77A452EA 4 Bytes [28, 4D, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationFile + B 77A452EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationThread + 6 77A4533A 4 Bytes [28, 4E, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationThread + B 77A4533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtUnmapViewOfSection + 6 77A455DA 4 Bytes [68, 4F, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtUnmapViewOfSection + B 77A455DF 1 Byte [E2] ? C:\Windows\system32\svchost.exe[1592] C:\Windows\system32\secur32.dll IMAGE_DOS_SIGNATURE not found; .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateFile + 6 77A443DA 4 Bytes [28, 04, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateFile + B 77A443DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtMapViewOfSection + 6 77A44B2A 4 Bytes [28, 07, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtMapViewOfSection + B 77A44B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenFile + 6 77A44BBA 4 Bytes [68, 04, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenFile + B 77A44BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcess + 6 77A44C3A 4 Bytes [A8, 05, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcess + B 77A44C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessToken + B 77A44C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessTokenEx + 6 77A44C5A 4 Bytes [A8, 06, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessTokenEx + B 77A44C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThread + 6 77A44CAA 4 Bytes [68, 05, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThread + B 77A44CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadToken + 6 77A44CBA 4 Bytes [68, 06, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadToken + B 77A44CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadTokenEx + B 77A44CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryAttributesFile + 6 77A44D5A 4 Bytes [A8, 04, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryAttributesFile + B 77A44D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryFullAttributesFile + B 77A44E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationFile + 6 77A452EA 4 Bytes [28, 05, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationFile + B 77A452EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationThread + 6 77A4533A 4 Bytes [28, 06, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationThread + B 77A4533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtUnmapViewOfSection + 6 77A455DA 4 Bytes [68, 07, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtUnmapViewOfSection + B 77A455DF 1 Byte [E2] .text D:\Piriform\CCleaner.exe[3436] USER32.dll!SetScrollRange 76D6D185 5 Bytes JMP 012C1597 D:\Piriform\CCleaner.exe .text D:\Piriform\CCleaner.exe[3436] USER32.dll!GetScrollInfo 76D6F073 5 Bytes JMP 012C151E D:\Piriform\CCleaner.exe .text D:\Piriform\CCleaner.exe[3436] USER32.dll!ShowScrollBar 76D6F8AE 5 Bytes JMP 012C1557 D:\Piriform\CCleaner.exe .text D:\Piriform\CCleaner.exe[3436] USER32.dll!SetScrollInfo 76D771D8 5 Bytes JMP 012C15D4 D:\Piriform\CCleaner.exe .text D:\Piriform\CCleaner.exe[3436] USER32.dll!EnableScrollBar 76D8AF53 5 Bytes JMP 012C160E D:\Piriform\CCleaner.exe .text D:\Piriform\CCleaner.exe[3436] USER32.dll!GetScrollPos 76D9337D 5 Bytes JMP 012C14F3 D:\Piriform\CCleaner.exe .text D:\Piriform\CCleaner.exe[3436] USER32.dll!GetScrollRange 76D934A5 5 Bytes JMP 012C14B5 D:\Piriform\CCleaner.exe .text D:\Piriform\CCleaner.exe[3436] USER32.dll!SetScrollPos 76D93602 5 Bytes JMP 012C148A D:\Piriform\CCleaner.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtCreateFile + 6 77A443DA 4 Bytes [28, 80, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtCreateFile + B 77A443DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtMapViewOfSection + 6 77A44B2A 4 Bytes [28, 83, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtMapViewOfSection + B 77A44B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenFile + 6 77A44BBA 4 Bytes [68, 80, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenFile + B 77A44BBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcess + 6 77A44C3A 4 Bytes [A8, 81, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcess + B 77A44C3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessToken + B 77A44C4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessTokenEx + 6 77A44C5A 4 Bytes [A8, 82, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessTokenEx + B 77A44C5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThread + 6 77A44CAA 4 Bytes [68, 81, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThread + B 77A44CAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadToken + 6 77A44CBA 4 Bytes [68, 82, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadToken + B 77A44CBF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadTokenEx + B 77A44CCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryAttributesFile + 6 77A44D5A 4 Bytes [A8, 80, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryAttributesFile + B 77A44D5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryFullAttributesFile + B 77A44E0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationFile + 6 77A452EA 4 Bytes [28, 81, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationFile + B 77A452EF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationThread + 6 77A4533A 4 Bytes [28, 82, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationThread + B 77A4533F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtUnmapViewOfSection + 6 77A455DA 4 Bytes [68, 83, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtUnmapViewOfSection + B 77A455DF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtMapViewOfSection + 6 77A44B2A 4 Bytes [18, F0, 9F, 74] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtMapViewOfSection + B 77A44B2F 1 Byte [E2] ---- EOF - GMER 2.2 ----