GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-22 21:22:55
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-3 WDC_WD10EZEX-00BN5A0 rev.01.01A01 931,51GB
Running: p5vi0ugr.exe; Driver: C:\Users\nikan\AppData\Local\Temp\pxldapow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xBB6A8ACC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xBBD5D31C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xBB6A95AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xBB6B56A0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xBB6B56EC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xBB6B5886]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xBB6B560E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0xBBD5D6F6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xBB6B5656]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0xBBD5D986]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xBB6B5840]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xBB6AA398]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xBB6A8B32]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0xBBD5DB74]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xBBD5D3F4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0xBBD5A78E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xBBD5D7D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xBB6A8B98]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xBB6ADFE0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xBB6AAEDC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xBB6B56CA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xBB6B570E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xBB6B58AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xBB6B5634]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xBB6AD4E2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xBB6B57BE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xBB6B567E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xBB6AD8CE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xBB6B5864]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xBBD5D574]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xBB6AACF4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xBB6AA84A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xBB6A8BFE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xBB6A8C64]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0xBBD5D8D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xBB6A87B8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xBB6A898A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xBB6A8918]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xBB6AA562]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xBB6AA6C4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xBB6A8A12]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0xBBD5D642]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xBB6AA1F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xBBD5A7BE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xBB6A8CCA]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0xBBD5D4A6]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0xBBD5DA70]

INT 0x51 ? B17212D0
INT 0x62 ? B3C00CD0
INT 0x71 ? B3C002D0
INT 0x72 ? B3C00A50
INT 0x82 ? B1721050
INT 0x92 ? B17217D0
INT 0xA2 ? B1721A50
INT 0xB1 ? B1721CD0
INT 0xB2 ? B1721550

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 10D E32AF6D0 4 Bytes [CC, 8A, 6A, BB] {INT 3 ; MOV CH, [EDX-0x45]}
.text ntkrnlpa.exe!KeSetEvent + 131 E32AF6F4 4 Bytes [1C, D3, D5, BB] {SBB AL, 0xd3; AAD 0xbb}
.text ntkrnlpa.exe!KeSetEvent + 191 E32AF754 4 Bytes [AA, 95, 6A, BB] {STOSB ; XCHG EBP, EAX; PUSH -0x45}
.text ntkrnlpa.exe!KeSetEvent + 1D1 E32AF794 8 Bytes [A0, 56, 6B, BB, EC, 56, 6B, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD E32AF7A0 4 Bytes [86, 58, 6B, BB]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 E343D091 4 Bytes CALL BB6AB5C3 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 E3440D05 4 Bytes CALL BB6AB5D9 \SystemRoot\system32\drivers\aswSnx.sys
? C:\Windows\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !
? C:\Users\nikan\AppData\Local\Temp\catchme.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1396] ntdll.dll!LdrLoadDll 77809318 5 Bytes JMP 002101F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] ntdll.dll!LdrUnloadDll 7781B600 5 Bytes JMP 002103FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] ntdll.dll!RtlExitUserThread 77821C5F 5 Bytes JMP 6F8EF0EC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] KERNEL32.dll!TerminateThread 777444DB 5 Bytes JMP 6F8EF105 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] KERNEL32.dll!CreateThread 7774CBEE 5 Bytes JMP 6F7574F3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!CreateDialogParamW 775072A2 5 Bytes JMP 6F8EEE04 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!GetAsyncKeyState 7750863C 5 Bytes JMP 6F73DEAD C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 6F79298C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!CallNextHookEx 77508E3B 5 Bytes JMP 6F7B7CCF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 6F7DE230 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!EnableWindow 7750CD8B 5 Bytes JMP 6F79A2AC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!DefWindowProcA 7750DB88 7 Bytes JMP 6F759729 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!CreateWindowExA 7750DC2A 5 Bytes JMP 6F763543 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!CreateWindowExW 77511305 5 Bytes JMP 6F7C005B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!GetKeyState 77518CB1 5 Bytes JMP 6F73DD87 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!DefWindowProcW 775203B4 7 Bytes JMP 6F7B7D32 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!IsDialogMessageW 77520745 5 Bytes JMP 6F8EF5D7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!CreateDialogParamA 775217AA 5 Bytes JMP 6F8EEDCC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!IsDialogMessage 77521847 5 Bytes JMP 6F8EF5AF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!CreateDialogIndirectParamA 775226F1 5 Bytes JMP 6F8EEE3C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!CreateDialogIndirectParamW 77529A62 5 Bytes JMP 6F8EEE74 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!SetKeyboardState 77530987 5 Bytes JMP 6F8EFEC9 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!DialogBoxParamW 775310B0 5 Bytes JMP 6F6F190B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!DialogBoxIndirectParamW 77532EF5 5 Bytes JMP 6F8EEA9A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!SendInput 77532F75 5 Bytes JMP 6F8EFE71 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!EndDialog 7753326E 5 Bytes JMP 6F8EF883 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!SetCursorPos 77546FB2 5 Bytes JMP 6F8EFF4A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!DialogBoxParamA 77548152 5 Bytes JMP 6F8EEA35 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!DialogBoxIndirectParamA 7754847D 5 Bytes JMP 6F8EEAFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!MessageBoxIndirectA 7755D4D9 5 Bytes JMP 6F8EE9BC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!MessageBoxIndirectW 7755D5D3 5 Bytes JMP 6F8EE943 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!MessageBoxExA 7755D639 5 Bytes JMP 6F8EE8DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!MessageBoxExW 7755D65D 5 Bytes JMP 6F8EE87B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!keybd_event 7755D972 5 Bytes JMP 6F8EFE2E C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] SHELL32.dll!SHRestricted + D95 766388D8 4 Bytes [CF, 01, F7, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] SHELL32.dll!SHRestricted + D9D 766388E0 8 Bytes [E0, 61, F6, 68, 79, F7, F6, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] ole32.dll!OleLoadFromStream 76061E80 5 Bytes JMP 6F8EF2E1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1812] kernel32.dll!SetUnhandledExceptionFilter 7772A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!LdrLoadDll 77809318 5 Bytes JMP 00C201F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!LdrUnloadDll 7781B600 5 Bytes JMP 00C203FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtCreateFile + 6 778440D6 4 Bytes [28, 24, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtCreateFile + B 778440DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtMapViewOfSection + 6 77844826 4 Bytes [28, 27, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtMapViewOfSection + B 7784482B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenFile + 6 778448B6 4 Bytes [68, 24, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenFile + B 778448BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcess + 6 77844936 4 Bytes [A8, 25, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcess + B 7784493B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcessToken + B 7784494B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcessTokenEx + 6 77844956 4 Bytes [A8, 26, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcessTokenEx + B 7784495B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThread + 6 778449A6 4 Bytes [68, 25, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThread + B 778449AB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThreadToken + 6 778449B6 4 Bytes [68, 26, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThreadToken + B 778449BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThreadTokenEx + B 778449CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtQueryAttributesFile + 6 77844A56 4 Bytes [A8, 24, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtQueryAttributesFile + B 77844A5B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtQueryFullAttributesFile + B 77844B0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtSetInformationFile + 6 77844FE6 4 Bytes [28, 25, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtSetInformationFile + B 77844FEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtSetInformationThread + 6 77845036 4 Bytes [28, 26, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtSetInformationThread + B 7784503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtUnmapViewOfSection + 6 778452D6 4 Bytes [68, 27, AF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtUnmapViewOfSection + B 778452DB 1 Byte [E2]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2216] kernel32.dll!SetUnhandledExceptionFilter 7772A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!LdrLoadDll 77809318 5 Bytes JMP 002401F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!LdrUnloadDll 7781B600 5 Bytes JMP 002403FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtCreateFile + 6 778440D6 4 Bytes [28, 44, 1E, 00] {SUB [ESI+EBX+0x0], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtCreateFile + B 778440DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + 6 77844826 4 Bytes [28, 47, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + B 7784482B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenFile + 6 778448B6 4 Bytes [68, 44, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenFile + B 778448BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcess + 6 77844936 4 Bytes [A8, 45, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcess + B 7784493B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessToken + B 7784494B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessTokenEx + 6 77844956 4 Bytes [A8, 46, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessTokenEx + B 7784495B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThread + 6 778449A6 4 Bytes [68, 45, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThread + B 778449AB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadToken + 6 778449B6 4 Bytes [68, 46, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadToken + B 778449BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadTokenEx + B 778449CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryAttributesFile + 6 77844A56 4 Bytes [A8, 44, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryAttributesFile + B 77844A5B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryFullAttributesFile + B 77844B0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationFile + 6 77844FE6 4 Bytes [28, 45, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationFile + B 77844FEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationThread + 6 77845036 4 Bytes [28, 46, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationThread + B 7784503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + 6 778452D6 4 Bytes [68, 47, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + B 778452DB 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] ntdll.dll!LdrLoadDll 77809318 5 Bytes JMP 001101F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] ntdll.dll!LdrUnloadDll 7781B600 5 Bytes JMP 001103FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!EnableWindow 7750CD8B 5 Bytes JMP 6F79A2AC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!DialogBoxParamW 775310B0 5 Bytes JMP 6F6F190B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!DialogBoxIndirectParamW 77532EF5 5 Bytes JMP 6F8EEA9A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!DialogBoxParamA 77548152 5 Bytes JMP 6F8EEA35 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!DialogBoxIndirectParamA 7754847D 5 Bytes JMP 6F8EEAFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!MessageBoxIndirectA 7755D4D9 5 Bytes JMP 6F8EE9BC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!MessageBoxIndirectW 7755D5D3 5 Bytes JMP 6F8EE943 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!MessageBoxExA 7755D639 5 Bytes JMP 6F8EE8DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!MessageBoxExW 7755D65D 5 Bytes JMP 6F8EE87B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!LdrLoadDll 77809318 5 Bytes JMP 00AB01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!LdrUnloadDll 7781B600 5 Bytes JMP 00AB03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtCreateFile + 6 778440D6 4 Bytes [28, A8, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtCreateFile + B 778440DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtMapViewOfSection + 6 77844826 4 Bytes [28, AB, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtMapViewOfSection + B 7784482B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenFile + 6 778448B6 4 Bytes [68, A8, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenFile + B 778448BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenProcess + 6 77844936 4 Bytes [A8, A9, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenProcess + B 7784493B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenProcessToken + B 7784494B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenProcessTokenEx + 6 77844956 4 Bytes [A8, AA, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenProcessTokenEx + B 7784495B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenThread + 6 778449A6 4 Bytes [68, A9, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenThread + B 778449AB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenThreadToken + 6 778449B6 4 Bytes [68, AA, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenThreadToken + B 778449BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtOpenThreadTokenEx + B 778449CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtQueryAttributesFile + 6 77844A56 4 Bytes [A8, A8, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtQueryAttributesFile + B 77844A5B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtQueryFullAttributesFile + B 77844B0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtSetInformationFile + 6 77844FE6 4 Bytes [28, A9, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtSetInformationFile + B 77844FEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtSetInformationThread + 6 77845036 4 Bytes [28, AA, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtSetInformationThread + B 7784503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtUnmapViewOfSection + 6 778452D6 4 Bytes [68, AB, A5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4188] ntdll.dll!NtUnmapViewOfSection + B 778452DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!LdrLoadDll 77809318 5 Bytes JMP 000601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!LdrUnloadDll 7781B600 5 Bytes JMP 000603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtMapViewOfSection + 6 77844826 4 Bytes [18, 20, EB, 6E] {SBB [EAX], AH; JMP 0x72}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtMapViewOfSection + B 7784482B 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] ntdll.dll!LdrLoadDll 77809318 5 Bytes JMP 001101F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] ntdll.dll!LdrUnloadDll 7781B600 5 Bytes JMP 001103FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] ntdll.dll!RtlExitUserThread 77821C5F 5 Bytes JMP 6F8EF0EC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] KERNEL32.dll!TerminateThread 777444DB 5 Bytes JMP 6F8EF105 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] KERNEL32.dll!CreateThread 7774CBEE 5 Bytes JMP 6F7574F3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!CreateDialogParamW 775072A2 5 Bytes JMP 6F8EEE04 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!GetAsyncKeyState 7750863C 5 Bytes JMP 6F73DEAD C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 6F79298C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!CallNextHookEx 77508E3B 5 Bytes JMP 6F7B7CCF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 6F7DE230 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!EnableWindow 7750CD8B 5 Bytes JMP 6F79A2AC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DefWindowProcA 7750DB88 7 Bytes JMP 6F759729 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!CreateWindowExA 7750DC2A 5 Bytes JMP 6F763543 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!CreateWindowExW 77511305 5 Bytes JMP 6F7C005B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!GetKeyState 77518CB1 5 Bytes JMP 6F73DD87 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DefWindowProcW 775203B4 7 Bytes JMP 6F7B7D32 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!IsDialogMessageW 77520745 5 Bytes JMP 6F8EF5D7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!CreateDialogParamA 775217AA 5 Bytes JMP 6F8EEDCC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!IsDialogMessage 77521847 5 Bytes JMP 6F8EF5AF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!CreateDialogIndirectParamA 775226F1 5 Bytes JMP 6F8EEE3C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!CreateDialogIndirectParamW 77529A62 5 Bytes JMP 6F8EEE74 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!SetKeyboardState 77530987 5 Bytes JMP 6F8EFEC9 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxParamW 775310B0 5 Bytes JMP 6F6F190B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxIndirectParamW 77532EF5 5 Bytes JMP 6F8EEA9A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!SendInput 77532F75 5 Bytes JMP 6F8EFE71 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!EndDialog 7753326E 5 Bytes JMP 6F8EF883 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!SetCursorPos 77546FB2 5 Bytes JMP 6F8EFF4A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxParamA 77548152 5 Bytes JMP 6F8EEA35 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxIndirectParamA 7754847D 5 Bytes JMP 6F8EEAFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxIndirectA 7755D4D9 5 Bytes JMP 6F8EE9BC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxIndirectW 7755D5D3 5 Bytes JMP 6F8EE943 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxExA 7755D639 5 Bytes JMP 6F8EE8DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxExW 7755D65D 5 Bytes JMP 6F8EE87B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!keybd_event 7755D972 5 Bytes JMP 6F8EFE2E C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] SHELL32.dll!SHRestricted + D95 766388D8 4 Bytes [CF, 01, F7, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] SHELL32.dll!SHRestricted + D9D 766388E0 8 Bytes [E0, 61, F6, 68, 79, F7, F6, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] ole32.dll!OleLoadFromStream 76061E80 5 Bytes JMP 6F8EF2E1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!LdrLoadDll 77809318 5 Bytes JMP 00F701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!LdrUnloadDll 7781B600 5 Bytes JMP 00F703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtCreateFile + 6 778440D6 4 Bytes [28, 98, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtCreateFile + B 778440DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtMapViewOfSection + 6 77844826 4 Bytes [28, 9B, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtMapViewOfSection + B 7784482B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenFile + 6 778448B6 4 Bytes [68, 98, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenFile + B 778448BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcess + 6 77844936 4 Bytes [A8, 99, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcess + B 7784493B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessToken + B 7784494B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessTokenEx + 6 77844956 4 Bytes [A8, 9A, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessTokenEx + B 7784495B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThread + 6 778449A6 4 Bytes [68, 99, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThread + B 778449AB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadToken + 6 778449B6 4 Bytes [68, 9A, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadToken + B 778449BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadTokenEx + B 778449CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryAttributesFile + 6 77844A56 4 Bytes [A8, 98, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryAttributesFile + B 77844A5B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryFullAttributesFile + B 77844B0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationFile + 6 77844FE6 4 Bytes [28, 99, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationFile + B 77844FEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationThread + 6 77845036 4 Bytes [28, 9A, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationThread + B 7784503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtUnmapViewOfSection + 6 778452D6 4 Bytes [68, 9B, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtUnmapViewOfSection + B 778452DB 1 Byte [E2]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [746A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [746E5EFD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7469F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [746A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7469E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746F92D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [746ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [7469FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [7469FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [746971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7472CB4D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [746CC840] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7469D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [74696853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [7469687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.exe[2508] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll

---- Devices - GMER 2.1 ----

Device Ntfs.sys
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys
AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys

---- EOF - GMER 2.1 ----