GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-29 01:39:07 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC47 931,51GB Running: swnhuy57.exe; Driver: C:\Users\Sebo\AppData\Local\Temp\aftcraod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe[1556] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077adfaa4 5 bytes JMP 0000000173ff2e30 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe[1556] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077ae0034 5 bytes JMP 0000000173ff2df0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778e13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000778e1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778e18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000778e1ad4 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000778e1bb4 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000778e1d35 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000778e1e9f 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000778e1f85 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000778e2248 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007792de20 8 bytes {JMP QWORD [RIP-0x4c0f1]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792de50 8 bytes {JMP QWORD [RIP-0x4c912]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792df70 8 bytes {JMP QWORD [RIP-0x4c4a2]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007792e020 8 bytes {JMP QWORD [RIP-0x4c758]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007792e650 8 bytes {JMP QWORD [RIP-0x4c40e]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007792e8a0 8 bytes {JMP QWORD [RIP-0x4c921]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007792f100 8 bytes {JMP QWORD [RIP-0x4d267]} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007402146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074021a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778e13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000778e1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778e18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000778e1ad4 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000778e1bb4 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000778e1d35 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000778e1e9f 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000778e1f85 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000778e2248 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007792de20 8 bytes {JMP QWORD [RIP-0x4c0f1]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792de50 8 bytes {JMP QWORD [RIP-0x4c912]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792df70 8 bytes {JMP QWORD [RIP-0x4c4a2]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007792e020 8 bytes {JMP QWORD [RIP-0x4c758]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007792e650 8 bytes {JMP QWORD [RIP-0x4c40e]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007792e8a0 8 bytes {JMP QWORD [RIP-0x4c921]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007792f100 8 bytes {JMP QWORD [RIP-0x4d267]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007402146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074021a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792de50 16 bytes [50, 48, B8, 34, 35, 75, F0, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 4 bytes [50, 48, B8, FC] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 5 000000007792dca5 11 bytes [60, 3F, 01, 00, 00, 00, 48, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792de10 16 bytes [50, 48, B8, 54, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792de30 48 bytes [50, 48, B8, D0, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792de70 16 bytes [50, 48, B8, 20, 0B, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792dec0 32 bytes [50, 48, B8, 78, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792df00 16 bytes [50, 48, B8, 60, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792dfa0 16 bytes [50, 48, B8, A8, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792e120 16 bytes [50, 48, B8, 24, 08, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792eb90 16 bytes [50, 48, B8, F4, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792ebe0 16 bytes [50, 48, B8, 30, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792ed30 16 bytes [50, 48, B8, BC, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 4 bytes [50, 48, B8, FC] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 5 000000007792dca5 11 bytes [60, 3F, 01, 00, 00, 00, 48, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792de10 16 bytes [50, 48, B8, 54, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792de30 48 bytes [50, 48, B8, D0, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792de70 16 bytes [50, 48, B8, 20, 0B, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792dec0 32 bytes [50, 48, B8, 78, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792df00 16 bytes [50, 48, B8, 60, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792dfa0 16 bytes [50, 48, B8, A8, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792e120 16 bytes [50, 48, B8, 24, 08, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792eb90 16 bytes [50, 48, B8, F4, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792ebe0 16 bytes [50, 48, B8, 30, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792ed30 16 bytes [50, 48, B8, BC, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 4 bytes [50, 48, B8, FC] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 5 000000007792dca5 11 bytes [60, 3F, 01, 00, 00, 00, 48, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792de10 16 bytes [50, 48, B8, 54, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792de30 48 bytes [50, 48, B8, D0, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792de70 16 bytes [50, 48, B8, 20, 0B, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792dec0 32 bytes [50, 48, B8, 78, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792df00 16 bytes [50, 48, B8, 60, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792dfa0 16 bytes [50, 48, B8, A8, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792e120 16 bytes [50, 48, B8, 24, 08, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792eb90 16 bytes [50, 48, B8, F4, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792ebe0 16 bytes [50, 48, B8, 30, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792ed30 16 bytes [50, 48, B8, BC, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 4 bytes [50, 48, B8, FC] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 5 000000007792dca5 11 bytes [60, 3F, 01, 00, 00, 00, 48, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792de10 16 bytes [50, 48, B8, 54, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792de30 48 bytes [50, 48, B8, D0, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792de70 16 bytes [50, 48, B8, 20, 0B, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792dec0 32 bytes [50, 48, B8, 78, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792df00 16 bytes [50, 48, B8, 60, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792dfa0 16 bytes [50, 48, B8, A8, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792e120 16 bytes [50, 48, B8, 24, 08, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792eb90 16 bytes [50, 48, B8, F4, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792ebe0 16 bytes [50, 48, B8, 30, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792ed30 16 bytes [50, 48, B8, BC, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 4 bytes [50, 48, B8, FC] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 5 000000007792dca5 11 bytes [60, 3F, 01, 00, 00, 00, 48, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792de10 16 bytes [50, 48, B8, 54, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792de30 48 bytes [50, 48, B8, D0, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792de70 16 bytes [50, 48, B8, 20, 0B, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792dec0 32 bytes [50, 48, B8, 78, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792df00 16 bytes [50, 48, B8, 60, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792dfa0 16 bytes [50, 48, B8, A8, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792e120 16 bytes [50, 48, B8, 24, 08, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792eb90 16 bytes [50, 48, B8, F4, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792ebe0 16 bytes [50, 48, B8, 30, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792ed30 16 bytes [50, 48, B8, BC, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 4 bytes [50, 48, B8, FC] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 5 000000007792dca5 11 bytes [60, 3F, 01, 00, 00, 00, 48, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792de10 16 bytes [50, 48, B8, 54, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792de30 48 bytes [50, 48, B8, D0, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792de70 16 bytes [50, 48, B8, 20, 0B, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792dec0 32 bytes [50, 48, B8, 78, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792df00 16 bytes [50, 48, B8, 60, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792dfa0 16 bytes [50, 48, B8, A8, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792e120 16 bytes [50, 48, B8, 24, 08, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792eb90 16 bytes [50, 48, B8, F4, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792ebe0 16 bytes [50, 48, B8, 30, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792ed30 16 bytes [50, 48, B8, BC, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 4 bytes [50, 48, B8, FC] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 5 000000007792dca5 11 bytes [60, 3F, 01, 00, 00, 00, 48, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792de10 16 bytes [50, 48, B8, 54, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792de30 48 bytes [50, 48, B8, D0, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792de70 16 bytes [50, 48, B8, 20, 0B, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792dec0 32 bytes [50, 48, B8, 78, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792df00 16 bytes [50, 48, B8, 60, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792dfa0 16 bytes [50, 48, B8, A8, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792e120 16 bytes [50, 48, B8, 24, 08, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792eb90 16 bytes [50, 48, B8, F4, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792ebe0 16 bytes [50, 48, B8, 30, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792ed30 16 bytes [50, 48, B8, BC, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 4 bytes [50, 48, B8, FC] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 5 000000007792dca5 11 bytes [60, 3F, 01, 00, 00, 00, 48, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792de10 16 bytes [50, 48, B8, 54, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792de30 48 bytes [50, 48, B8, D0, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792de70 16 bytes [50, 48, B8, 20, 0B, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792dec0 32 bytes [50, 48, B8, 78, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792df00 16 bytes [50, 48, B8, 60, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792dfa0 16 bytes [50, 48, B8, A8, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792e120 16 bytes [50, 48, B8, 24, 08, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792eb90 16 bytes [50, 48, B8, F4, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792ebe0 16 bytes [50, 48, B8, 30, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792ed30 16 bytes [50, 48, B8, BC, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 4 bytes [50, 48, B8, FC] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 5 000000007792dca5 11 bytes [60, 3F, 01, 00, 00, 00, 48, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007792de10 16 bytes [50, 48, B8, 54, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007792de30 48 bytes [50, 48, B8, D0, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007792de70 16 bytes [50, 48, B8, 20, 0B, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007792dec0 32 bytes [50, 48, B8, 78, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007792df00 16 bytes [50, 48, B8, 60, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007792dfa0 16 bytes [50, 48, B8, A8, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007792e120 16 bytes [50, 48, B8, 24, 08, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007792eb90 16 bytes [50, 48, B8, F4, 09, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007792ebe0 16 bytes [50, 48, B8, 30, 0A, 60, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007792ed30 16 bytes [50, 48, B8, BC, 0A, 60, 3F, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000778e13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000778e1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000778e18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000778e1ad4 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000778e1bb4 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000778e1d35 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000778e1e9f 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000778e1f85 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000778e2248 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007792dca0 8 bytes {JMP QWORD [RIP-0x4c0f2]} .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007792de20 8 bytes {JMP QWORD [RIP-0x4c0f1]} .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007792de50 8 bytes {JMP QWORD [RIP-0x4c912]} .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007792df70 8 bytes {JMP QWORD [RIP-0x4c4a2]} .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007792e020 8 bytes {JMP QWORD [RIP-0x4c758]} .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007792e650 8 bytes {JMP QWORD [RIP-0x4c40e]} .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007792e8a0 8 bytes {JMP QWORD [RIP-0x4c921]} .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007792f100 8 bytes {JMP QWORD [RIP-0x4d267]} .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007402146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Sebo\Downloads\Programs\swnhuy57.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074021a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004552f58] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feebbb9218] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feebbb9064] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feebbb9200] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feebbb9368] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feebbb91f8] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feebbb9218] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feebbb9064] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feebbb9200] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feebbb9368] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feebbb91f8] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feebbb9218] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feebbb9064] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feebbb9200] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feebbb9368] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3668] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feebbb91f8] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feebbb9218] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feebbb9064] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feebbb9200] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feebbb9368] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4240] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feebbb91f8] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feebbb9218] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feebbb9064] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feebbb9200] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feebbb9368] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feebbb91f8] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feebbb9218] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feebbb9064] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feebbb9200] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feebbb9368] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4980] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feebbb91f8] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feebbb9218] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feebbb9064] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feebbb9200] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feebbb9368] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feebbb91f8] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feebbb9218] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feebbb9064] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feebbb9200] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feebbb9368] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3520] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feebbb91f8] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\chrome_child.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\10x15 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\10x15@FormKeyword 0x31 0x30 0x5F 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\10x15@ResourceNameID @hpzstwn7.dll,4435 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\13x18 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\13x18@FormKeyword 0x31 0x33 0x5F 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\13x18@ResourceNameID @hpzstwn7.dll,4424 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Karta katalogowa 3x5 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Karta katalogowa 3x5@FormKeyword 0x49 0x4E 0x44 0x45 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Karta katalogowa 3x5@ResourceNameID @hpzstwn7.dll,3416 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Karta katalogowa 4x6 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Karta katalogowa 4x6@FormKeyword 0x49 0x4E 0x44 0x45 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Karta katalogowa 4x6@ResourceNameID @hpzstwn7.dll,3414 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Karta katalogowa 5x8 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Karta katalogowa 5x8@FormKeyword 0x49 0x4E 0x44 0x45 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Karta katalogowa 5x8@ResourceNameID @hpzstwn7.dll,3415 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Pap. hagaki bez obr. 100x148 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Pap. hagaki bez obr. 100x148@FormKeyword 0x48 0x50 0x5F 0x42 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Pap. hagaki bez obr. 100x148@ResourceNameID @hpzstwn7.dll,3385 Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\10x15 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\10x15@FormKeyword 0x31 0x30 0x5F 0x58 ... Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\10x15@ResourceNameID @hpzstwn7.dll,4435 Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\13x18 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\13x18@FormKeyword 0x31 0x33 0x5F 0x58 ... Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\13x18@ResourceNameID @hpzstwn7.dll,4424 Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Karta katalogowa 3x5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Karta katalogowa 3x5@FormKeyword 0x49 0x4E 0x44 0x45 ... Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Karta katalogowa 3x5@ResourceNameID @hpzstwn7.dll,3416 Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Karta katalogowa 4x6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Karta katalogowa 4x6@FormKeyword 0x49 0x4E 0x44 0x45 ... Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Karta katalogowa 4x6@ResourceNameID @hpzstwn7.dll,3414 Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Karta katalogowa 5x8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Karta katalogowa 5x8@FormKeyword 0x49 0x4E 0x44 0x45 ... Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Karta katalogowa 5x8@ResourceNameID @hpzstwn7.dll,3415 Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Pap. hagaki bez obr. 100x148 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Pap. hagaki bez obr. 100x148@FormKeyword 0x48 0x50 0x5F 0x42 ... Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Pap. hagaki bez obr. 100x148@ResourceNameID @hpzstwn7.dll,3385 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KISS\\x30ab\x30b9\x30bf\x30e0\x30e1\x30a4\x30c93D\\x300c\x30ab\x30b9\x30bf\x30e0\x30e1\x30a4\x30c93D\x300d.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KISS\\x30ab\x30b9\x30bf\x30e0\x30e1\x30a4\x30c93D\\x300c\x30ab\x30b9\x30bf\x30e0\x30e1\x30a4\x30c93D\x300d\x306e\x30a2\x30f3\x30a4\x30f3\x30b9\x30c8\x30fc\x30eb.lnk 1 ---- Files - GMER 2.1 ---- File C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0087af 0 bytes File C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0087b0 0 bytes File C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0087b1 0 bytes ---- EOF - GMER 2.1 ----