GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-28 00:11:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.13.0
Running: 3wjsr5cc.exe; Driver: C:\Users\home\AppData\Local\Temp\kwtdipow.sys


---- User code sections - GMER 1.0.15 ----

.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtCreateFile + 6                 76EA422A 4 Bytes  [28, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtCreateFile + B                 76EA422F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtMapViewOfSection + 6           76EA497A 1 Byte  [28]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtMapViewOfSection + 6           76EA497A 4 Bytes  [28, 03, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtMapViewOfSection + B           76EA497F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenFile + 6                   76EA4A0A 4 Bytes  [68, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenFile + B                   76EA4A0F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcess + 6                76EA4A8A 4 Bytes  [A8, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcess + B                76EA4A8F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcessToken + 6           76EA4A9A 4 Bytes  CALL 75EA50A0 C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcessToken + B           76EA4A9F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcessTokenEx + 6         76EA4AAA 4 Bytes  [A8, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcessTokenEx + B         76EA4AAF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThread + 6                 76EA4AFA 4 Bytes  [68, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThread + B                 76EA4AFF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThreadToken + 6            76EA4B0A 4 Bytes  [68, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThreadToken + B            76EA4B0F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThreadTokenEx + 6          76EA4B1A 4 Bytes  CALL 75EA5121 C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThreadTokenEx + B          76EA4B1F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtQueryAttributesFile + 6        76EA4BAA 4 Bytes  [A8, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtQueryAttributesFile + B        76EA4BAF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtQueryFullAttributesFile + 6    76EA4C5A 4 Bytes  CALL 75EA525F C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtQueryFullAttributesFile + B    76EA4C5F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtSetInformationFile + 6         76EA513A 4 Bytes  [28, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtSetInformationFile + B         76EA513F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtSetInformationThread + 6       76EA518A 4 Bytes  [28, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtSetInformationThread + B       76EA518F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtUnmapViewOfSection + 6         76EA542A 1 Byte  [68]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtUnmapViewOfSection + 6         76EA542A 4 Bytes  [68, 03, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtUnmapViewOfSection + B         76EA542F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtCreateFile + 6                 76EA422A 4 Bytes  [28, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtCreateFile + B                 76EA422F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtMapViewOfSection + 6           76EA497A 1 Byte  [28]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtMapViewOfSection + 6           76EA497A 4 Bytes  [28, 03, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtMapViewOfSection + B           76EA497F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenFile + 6                   76EA4A0A 4 Bytes  [68, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenFile + B                   76EA4A0F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcess + 6                76EA4A8A 4 Bytes  [A8, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcess + B                76EA4A8F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcessToken + 6           76EA4A9A 4 Bytes  CALL 75EA50A0 C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcessToken + B           76EA4A9F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcessTokenEx + 6         76EA4AAA 4 Bytes  [A8, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcessTokenEx + B         76EA4AAF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThread + 6                 76EA4AFA 4 Bytes  [68, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThread + B                 76EA4AFF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThreadToken + 6            76EA4B0A 4 Bytes  [68, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThreadToken + B            76EA4B0F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThreadTokenEx + 6          76EA4B1A 4 Bytes  CALL 75EA5121 C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThreadTokenEx + B          76EA4B1F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtQueryAttributesFile + 6        76EA4BAA 4 Bytes  [A8, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtQueryAttributesFile + B        76EA4BAF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtQueryFullAttributesFile + 6    76EA4C5A 4 Bytes  CALL 75EA525F C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtQueryFullAttributesFile + B    76EA4C5F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtSetInformationFile + 6         76EA513A 4 Bytes  [28, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtSetInformationFile + B         76EA513F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtSetInformationThread + 6       76EA518A 4 Bytes  [28, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtSetInformationThread + B       76EA518F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtUnmapViewOfSection + 6         76EA542A 1 Byte  [68]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtUnmapViewOfSection + 6         76EA542A 4 Bytes  [68, 03, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtUnmapViewOfSection + B         76EA542F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtCreateFile + 6                 76EA422A 4 Bytes  [28, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtCreateFile + B                 76EA422F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtMapViewOfSection + 6           76EA497A 1 Byte  [28]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtMapViewOfSection + 6           76EA497A 4 Bytes  [28, 03, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtMapViewOfSection + B           76EA497F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenFile + 6                   76EA4A0A 4 Bytes  [68, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenFile + B                   76EA4A0F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcess + 6                76EA4A8A 4 Bytes  [A8, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcess + B                76EA4A8F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcessToken + 6           76EA4A9A 4 Bytes  CALL 75EA50A0 C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcessToken + B           76EA4A9F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcessTokenEx + 6         76EA4AAA 4 Bytes  [A8, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcessTokenEx + B         76EA4AAF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThread + 6                 76EA4AFA 4 Bytes  [68, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThread + B                 76EA4AFF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThreadToken + 6            76EA4B0A 4 Bytes  [68, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThreadToken + B            76EA4B0F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThreadTokenEx + 6          76EA4B1A 4 Bytes  CALL 75EA5121 C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThreadTokenEx + B          76EA4B1F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtQueryAttributesFile + 6        76EA4BAA 4 Bytes  [A8, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtQueryAttributesFile + B        76EA4BAF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtQueryFullAttributesFile + 6    76EA4C5A 4 Bytes  CALL 75EA525F C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtQueryFullAttributesFile + B    76EA4C5F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtSetInformationFile + 6         76EA513A 4 Bytes  [28, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtSetInformationFile + B         76EA513F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtSetInformationThread + 6       76EA518A 4 Bytes  [28, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtSetInformationThread + B       76EA518F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtUnmapViewOfSection + 6         76EA542A 1 Byte  [68]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtUnmapViewOfSection + 6         76EA542A 4 Bytes  [68, 03, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtUnmapViewOfSection + B         76EA542F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtCreateFile + 6                 76EA422A 4 Bytes  [28, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtCreateFile + B                 76EA422F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtMapViewOfSection + 6           76EA497A 1 Byte  [28]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtMapViewOfSection + 6           76EA497A 4 Bytes  [28, 03, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtMapViewOfSection + B           76EA497F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenFile + 6                   76EA4A0A 4 Bytes  [68, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenFile + B                   76EA4A0F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcess + 6                76EA4A8A 4 Bytes  [A8, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcess + B                76EA4A8F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcessToken + 6           76EA4A9A 4 Bytes  CALL 75EA50A0 C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcessToken + B           76EA4A9F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcessTokenEx + 6         76EA4AAA 4 Bytes  [A8, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenProcessTokenEx + B         76EA4AAF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThread + 6                 76EA4AFA 4 Bytes  [68, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThread + B                 76EA4AFF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThreadToken + 6            76EA4B0A 4 Bytes  [68, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThreadToken + B            76EA4B0F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThreadTokenEx + 6          76EA4B1A 4 Bytes  CALL 75EA5121 C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtOpenThreadTokenEx + B          76EA4B1F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtQueryAttributesFile + 6        76EA4BAA 4 Bytes  [A8, 00, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtQueryAttributesFile + B        76EA4BAF 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtQueryFullAttributesFile + 6    76EA4C5A 4 Bytes  CALL 75EA525F C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtQueryFullAttributesFile + B    76EA4C5F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtSetInformationFile + 6         76EA513A 4 Bytes  [28, 01, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtSetInformationFile + B         76EA513F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtSetInformationThread + 6       76EA518A 4 Bytes  [28, 02, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtSetInformationThread + B       76EA518F 1 Byte  [E2]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtUnmapViewOfSection + 6         76EA542A 1 Byte  [68]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtUnmapViewOfSection + 6         76EA542A 4 Bytes  [68, 03, 06, 00]
.text   C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] ntdll.dll!NtUnmapViewOfSection + B         76EA542F 1 Byte  [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73827817] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7387A86D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7382BB22] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7381F695] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738275E9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7381E7CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73858395] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7382DA60] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7381FFFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7381FF61] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738171CF] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [738ACAE2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7384C8D8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7381D968] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73816853] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7381687E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\windows\Explorer.EXE[328] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73822AD1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4796] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT     C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5152] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT     C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5508] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT     C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5932] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                   mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Tcp                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device          \Driver\BTHUSB \Device\000000a4           bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\000000a6           bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                   mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e845693
Reg     HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247e845693 (not active ControlSet)

---- EOF - GMER 1.0.15 ----