GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-27 15:12:40 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD753LJ rev.1AA01117 698,64GB Running: z9exy3zh.exe; Driver: C:\Users\Bigi\AppData\Local\Temp\awrdipob.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000773a2280 5 bytes JMP 000000000031075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000773a6130 5 bytes JMP 00000000003103a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773cbfb0 14 bytes {MOV RAX, 0x7fef63d72b0; JMP RAX} .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077531401 2 bytes JMP 762cb233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077531419 2 bytes JMP 762cb35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077531431 2 bytes JMP 76349149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007753144a 2 bytes CALL 762a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775314dd 2 bytes JMP 76348a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775314f5 2 bytes JMP 76348c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007753150d 2 bytes JMP 76348938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077531525 2 bytes JMP 76348d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007753153d 2 bytes JMP 762bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077531555 2 bytes JMP 762c6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007753156d 2 bytes JMP 76349201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077531585 2 bytes JMP 76348d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007753159d 2 bytes JMP 763488fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775315b5 2 bytes JMP 762bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775315cd 2 bytes JMP 762cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775316b2 2 bytes JMP 763490c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Bigi\AppData\Roaming\uTorrent\uTorrent.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775316bd 2 bytes JMP 76348891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000773a2280 5 bytes JMP 00000000002e075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000773a6130 5 bytes JMP 00000000002e03a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773cbe00 7 bytes [48, B8, 60, 04, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000773cbe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000773cbf70 7 bytes [48, B8, E0, 04, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000773cbf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773cbf90 7 bytes [48, B8, D0, 08, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000773cbf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000773cbfa0 7 bytes [48, B8, C0, 06, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000773cbfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773cbfb0 7 bytes [48, B8, 40, 03, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000773cbfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000773cbfd0 7 bytes [48, B8, B0, 03, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000773cbfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000773cc020 7 bytes [48, B8, 50, 05, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000773cc028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000773cc030 7 bytes [48, B8, 20, 09, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000773cc038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000773cc060 7 bytes [48, B8, 40, 06, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000773cc068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000773cc100 7 bytes [48, B8, 80, 06, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000773cc108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000773cc280 7 bytes [48, B8, C0, 05, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000773cc288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000773cccf0 7 bytes [48, B8, 00, 09, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000773cccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773ccd40 7 bytes [48, B8, A0, 08, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000773ccd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000773cce90 7 bytes [48, B8, A0, 06, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000773cce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000773a2280 5 bytes JMP 00000000001a075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000773a6130 5 bytes JMP 00000000001a03a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773cbe00 7 bytes [48, B8, 60, 04, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000773cbe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000773cbf70 7 bytes [48, B8, E0, 04, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000773cbf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773cbf90 7 bytes [48, B8, D0, 08, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000773cbf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000773cbfa0 7 bytes [48, B8, C0, 06, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000773cbfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773cbfb0 7 bytes [48, B8, 40, 03, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000773cbfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000773cbfd0 7 bytes [48, B8, B0, 03, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000773cbfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000773cc020 7 bytes [48, B8, 50, 05, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000773cc028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000773cc030 7 bytes [48, B8, 20, 09, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000773cc038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000773cc060 7 bytes [48, B8, 40, 06, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000773cc068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000773cc100 7 bytes [48, B8, 80, 06, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000773cc108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000773cc280 7 bytes [48, B8, C0, 05, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000773cc288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000773cccf0 7 bytes [48, B8, 00, 09, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000773cccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773ccd40 7 bytes [48, B8, A0, 08, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000773ccd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000773cce90 7 bytes [48, B8, A0, 06, FD, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000773cce98 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE[USER32.dll!MoveWindow] [7fefa4a1a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE[USER32.dll!SetWindowPos] [7fefa4a1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE[USER32.dll!DeferWindowPos] [7fefa4a1da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE[USER32.dll!EndPaint] [7fefa4a1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\SHELL32.dll[USER32.dll!MoveWindow] [7fefa4a1a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SetWindowPos] [7fefa4a1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\SHELL32.dll[USER32.dll!DeferWindowPos] [7fefa4a1da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\SHELL32.dll[USER32.dll!EndPaint] [7fefa4a1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\ole32.dll[USER32.dll!MoveWindow] [7fefa4a1a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!EndPaint] [7fefa4a1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!MoveWindow] [7fefa4a1a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!SetWindowPos] [7fefa4a1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\DUser.dll[USER32.dll!EndPaint] [7fefa4a1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\DUI70.dll[USER32.dll!SetWindowPos] [7fefa4a1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\IMM32.dll[USER32.dll!EndPaint] [7fefa4a1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\IMM32.dll[USER32.dll!SetWindowPos] [7fefa4a1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\MSCTF.dll[USER32.dll!MoveWindow] [7fefa4a1a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\MSCTF.dll[USER32.dll!EndPaint] [7fefa4a1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\MSCTF.dll[USER32.dll!SetWindowPos] [7fefa4a1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\UxTheme.dll[USER32.dll!SetWindowPos] [7fefa4a1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MoveWindow] [7fefa4a1a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!SetWindowPos] [7fefa4a1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066\COMCTL32.dll[USER32.dll!DeferWindowPos] [7fefa4a1da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066\COMCTL32.dll[USER32.dll!SetWindowPos] [7fefa4a1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066\COMCTL32.dll[USER32.dll!MoveWindow] [7fefa4a1a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066\COMCTL32.dll[USER32.dll!EndPaint] [7fefa4a1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee0906e44] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee0906668] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee0906e2c] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee0907078] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5904] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedf8b09f8] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [1008:1160] 000007fefae3f304 Thread C:\Windows\System32\svchost.exe [1008:1176] 000007fefb4b6204 Thread C:\Windows\System32\svchost.exe [1008:1440] 000007fefa832070 Thread C:\Windows\System32\svchost.exe [1008:1444] 000007fefa705448 Thread C:\Windows\System32\svchost.exe [1008:2044] 000007feeed86b8c Thread C:\Windows\System32\svchost.exe [1008:3864] 000007feeed81d88 Thread C:\Windows\System32\svchost.exe [1008:4868] 000007feedc65fd0 Thread C:\Windows\System32\svchost.exe [1008:4972] 000007fefa703288 Thread C:\Windows\System32\svchost.exe [864:1348] 000007fefab9ffc0 Thread C:\Windows\System32\svchost.exe [864:1376] 000007fefa85339c Thread C:\Windows\System32\svchost.exe [864:2112] 000007fef6a020c0 Thread C:\Windows\System32\svchost.exe [864:3396] 000007fef6a026a8 Thread C:\Windows\System32\svchost.exe [864:2056] 000007fef6a029dc Thread C:\Windows\System32\svchost.exe [864:4556] 000007fef2d989a8 Thread C:\Windows\system32\svchost.exe [1044:3364] 000007fef84c0ee8 Thread C:\Windows\system32\svchost.exe [1044:3368] 000007fef84b9ddc Thread C:\Windows\system32\svchost.exe [1044:3144] 000007fef84baa1c Thread C:\Windows\system32\svchost.exe [1044:3812] 000007fef84c1cd0 Thread C:\Windows\system32\svchost.exe [1044:4880] 000007fef3ddd3c8 Thread C:\Windows\system32\svchost.exe [1044:4884] 000007fef3ddd3c8 Thread C:\Windows\system32\svchost.exe [1044:4888] 000007fef3ddd3c8 Thread C:\Windows\system32\svchost.exe [1044:4892] 000007fef3ddd3c8 Thread C:\Windows\system32\svchost.exe [1068:332] 000007feefdf1aac Thread C:\Windows\system32\svchost.exe [1408:1472] 000007fefa743438 Thread C:\Windows\system32\svchost.exe [1408:1476] 000007fefa743a48 Thread C:\Windows\system32\svchost.exe [1408:1480] 000007fefa743784 Thread C:\Windows\system32\svchost.exe [1408:1484] 000007fefa745bfc Thread C:\Windows\system32\svchost.exe [1408:1656] 000007fefa74391c Thread C:\Windows\system32\svchost.exe [1408:2124] 000007fef8c2bd90 Thread C:\Windows\system32\svchost.exe [1408:2552] 000007fef96a50a0 Thread C:\Windows\system32\svchost.exe [1408:4912] 000007fef8bc5124 Thread C:\Windows\System32\spoolsv.exe [1904:4712] 000007feedc310c8 Thread C:\Windows\System32\spoolsv.exe [1904:4764] 000007fee9356008 Thread C:\Windows\System32\spoolsv.exe [1904:4784] 000007feedc65fd0 Thread C:\Windows\System32\spoolsv.exe [1904:4788] 000007feedbb3438 Thread C:\Windows\System32\spoolsv.exe [1904:4708] 000007feedc663ec Thread C:\Windows\System32\spoolsv.exe [1904:1452] 000007fef0125e5c Thread C:\Windows\System32\spoolsv.exe [1904:1748] 000007fee9385060 Thread C:\Windows\system32\svchost.exe [2020:1116] 000007fefca81a70 Thread C:\Windows\system32\svchost.exe [2020:1040] 000007fefca81a70 Thread C:\Windows\system32\svchost.exe [2020:1428] 000007fefca81a70 Thread C:\Windows\system32\svchost.exe [2020:1548] 000007fef9942c70 Thread C:\Windows\system32\svchost.exe [2020:1540] 000007fef994fb40 Thread C:\Windows\system32\svchost.exe [2020:1584] 000007fef9961d20 Thread C:\Windows\system32\svchost.exe [2020:1620] 000007fef994f6f0 Thread C:\Windows\system32\svchost.exe [2020:2096] 000007fef90435c0 Thread C:\Windows\system32\svchost.exe [2020:2248] 000007fef9045600 Thread C:\Windows\system32\svchost.exe [2020:3604] 000007feefd52888 Thread C:\Windows\system32\svchost.exe [2020:3112] 000007feefd42940 Thread C:\Windows\system32\svchost.exe [2020:3380] 000007feefd52a40 Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [1820:1796] 000007fefe79a80c Thread C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [1820:2220] 00000000703c1dbc Thread C:\Windows\System32\svchost.exe [1456:2164] 000007fef8f3a1b0 Thread C:\Windows\System32\svchost.exe [1456:2168] 000007fef8f206e0 Thread C:\Windows\System32\svchost.exe [1456:2172] 000007fef8f206d0 Thread C:\Windows\System32\svchost.exe [1456:2176] 000007fef8ee6d60 Thread C:\Windows\System32\svchost.exe [1456:2180] 000007fef8ef8d40 Thread C:\Windows\System32\svchost.exe [1456:2184] 000007fef8ee6d50 Thread C:\Windows\System32\svchost.exe [1456:2188] 000007fef8f5c380 Thread C:\Windows\System32\rundll32.exe [2584:2600] 000000006cfd1e74 Thread C:\Windows\System32\rundll32.exe [2584:2604] 000007fefb4b6204 Thread C:\Windows\system32\svchost.exe [3580:3596] 000007fefe79a80c Thread C:\Windows\system32\svchost.exe [3580:3620] 000007fef0e87a88 Thread C:\Windows\system32\svchost.exe [3580:3624] 000007fef0e7df5c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4244:4856] 000007fefea2fb40 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4244:4988] 000007fefb6b2be0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4244:4392] 000007fef8bc5124 Thread C:\Windows\sysWOW64\wbem\wmiprvse.exe [4580:4672] 00000000775af523 Thread C:\Windows\sysWOW64\wbem\wmiprvse.exe [4580:4676] 000000006d8d1df9 Thread C:\Windows\sysWOW64\wbem\wmiprvse.exe [4580:4696] 00000000775b046c Thread C:\Windows\sysWOW64\wbem\wmiprvse.exe [4580:4700] 000000006d8a1070 Thread C:\Windows\sysWOW64\wbem\wmiprvse.exe [4580:4192] 00000000775b046c Thread C:\Windows\system32\svchost.exe [4736:4904] 000007feecd78470 Thread C:\Windows\system32\svchost.exe [4736:4908] 000007feecd82418 Thread C:\Windows\system32\svchost.exe [4736:5104] 000007feecd8976c Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [4160:4112] 000007fef42f7944 Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [4160:4144] 000007fef41bbeb4 Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [4160:5036] 000007fef41bbeb4 Thread C:\Windows\system32\taskhost.exe [1688:828] 000007feefe1edb4 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001638ca7969 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001638ca7969@848edf2fbff1 0x96 0x92 0x71 0x71 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001638ca7969 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001638ca7969@848edf2fbff1 0x96 0x92 0x71 0x71 ... ---- EOF - GMER 2.2 ----