GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-05-13 10:58:02 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000018 WDC_WD10JPCX-24UE4T0 rev.01.01A01 931,51GB Running: ij9t3fe9.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\pxldapob.sys ---- User code sections - GMER 2.2 ---- ? C:\WINDOWS\system32\wbem\wbemsvc.dll [2340] entry point in ".rdata" section 0000000071fe8fc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff9a8eb65c0 16 bytes {MOV RAX, 0x7ff999f762b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff9a8eb6260 16 bytes {MOV RAX, 0x7ff68766f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ff9a8eb6540 16 bytes {MOV RAX, 0x7ff68766f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ff9a8eb6580 16 bytes {MOV RAX, 0x7ff68766fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ff9a8eb65a0 16 bytes {MOV RAX, 0x7ff68766fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff9a8eb65c0 16 bytes {MOV RAX, 0x7ff68766f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ff9a8eb6600 16 bytes {MOV RAX, 0x7ff68766f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ff9a8eb66a0 16 bytes {MOV RAX, 0x7ff68766fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ff9a8eb66c0 16 bytes {MOV RAX, 0x7ff68766fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ff9a8eb6720 16 bytes {MOV RAX, 0x7ff68766fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ff9a8eb6860 16 bytes {MOV RAX, 0x7ff68766fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ff9a8eb6b60 16 bytes {MOV RAX, 0x7ff68766fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ff9a8eb83d0 16 bytes {MOV RAX, 0x7ff68766fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ff9a8eb8490 16 bytes {MOV RAX, 0x7ff68766fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ff9a8eb8730 16 bytes {MOV RAX, 0x7ff68766fba0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff9a8eb6260 16 bytes {MOV RAX, 0x7ff68766f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ff9a8eb6540 16 bytes {MOV RAX, 0x7ff68766f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ff9a8eb6580 16 bytes {MOV RAX, 0x7ff68766fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ff9a8eb65a0 16 bytes {MOV RAX, 0x7ff68766fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff9a8eb65c0 16 bytes {MOV RAX, 0x7ff68766f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ff9a8eb6600 16 bytes {MOV RAX, 0x7ff68766f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ff9a8eb66a0 16 bytes {MOV RAX, 0x7ff68766fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ff9a8eb66c0 16 bytes {MOV RAX, 0x7ff68766fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ff9a8eb6720 16 bytes {MOV RAX, 0x7ff68766fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ff9a8eb6860 16 bytes {MOV RAX, 0x7ff68766fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ff9a8eb6b60 16 bytes {MOV RAX, 0x7ff68766fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ff9a8eb83d0 16 bytes {MOV RAX, 0x7ff68766fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ff9a8eb8490 16 bytes {MOV RAX, 0x7ff68766fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ff9a8eb8730 16 bytes {MOV RAX, 0x7ff68766fba0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff9a8eb6260 16 bytes {MOV RAX, 0x7ff68766f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ff9a8eb6540 16 bytes {MOV RAX, 0x7ff68766f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ff9a8eb6580 16 bytes {MOV RAX, 0x7ff68766fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ff9a8eb65a0 16 bytes {MOV RAX, 0x7ff68766fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff9a8eb65c0 16 bytes {MOV RAX, 0x7ff68766f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ff9a8eb6600 16 bytes {MOV RAX, 0x7ff68766f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ff9a8eb66a0 16 bytes {MOV RAX, 0x7ff68766fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ff9a8eb66c0 16 bytes {MOV RAX, 0x7ff68766fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ff9a8eb6720 16 bytes {MOV RAX, 0x7ff68766fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ff9a8eb6860 16 bytes {MOV RAX, 0x7ff68766fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ff9a8eb6b60 16 bytes {MOV RAX, 0x7ff68766fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ff9a8eb83d0 16 bytes {MOV RAX, 0x7ff68766fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ff9a8eb8490 16 bytes {MOV RAX, 0x7ff68766fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ff9a8eb8730 16 bytes {MOV RAX, 0x7ff68766fba0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff9a8eb6260 16 bytes {MOV RAX, 0x7ff68766f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ff9a8eb6540 16 bytes {MOV RAX, 0x7ff68766f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ff9a8eb6580 16 bytes {MOV RAX, 0x7ff68766fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ff9a8eb65a0 16 bytes {MOV RAX, 0x7ff68766fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff9a8eb65c0 16 bytes {MOV RAX, 0x7ff68766f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ff9a8eb6600 16 bytes {MOV RAX, 0x7ff68766f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ff9a8eb66a0 16 bytes {MOV RAX, 0x7ff68766fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ff9a8eb66c0 16 bytes {MOV RAX, 0x7ff68766fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ff9a8eb6720 16 bytes {MOV RAX, 0x7ff68766fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ff9a8eb6860 16 bytes {MOV RAX, 0x7ff68766fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ff9a8eb6b60 16 bytes {MOV RAX, 0x7ff68766fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ff9a8eb83d0 16 bytes {MOV RAX, 0x7ff68766fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ff9a8eb8490 16 bytes {MOV RAX, 0x7ff68766fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ff9a8eb8730 16 bytes {MOV RAX, 0x7ff68766fba0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff9a8eb6260 16 bytes {MOV RAX, 0x7ff68766f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ff9a8eb6540 16 bytes {MOV RAX, 0x7ff68766f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ff9a8eb6580 16 bytes {MOV RAX, 0x7ff68766fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ff9a8eb65a0 16 bytes {MOV RAX, 0x7ff68766fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff9a8eb65c0 16 bytes {MOV RAX, 0x7ff68766f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ff9a8eb6600 16 bytes {MOV RAX, 0x7ff68766f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ff9a8eb66a0 16 bytes {MOV RAX, 0x7ff68766fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ff9a8eb66c0 16 bytes {MOV RAX, 0x7ff68766fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ff9a8eb6720 16 bytes {MOV RAX, 0x7ff68766fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ff9a8eb6860 16 bytes {MOV RAX, 0x7ff68766fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ff9a8eb6b60 16 bytes {MOV RAX, 0x7ff68766fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ff9a8eb83d0 16 bytes {MOV RAX, 0x7ff68766fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ff9a8eb8490 16 bytes {MOV RAX, 0x7ff68766fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ff9a8eb8730 16 bytes {MOV RAX, 0x7ff68766fba0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff9a8eb6260 16 bytes {MOV RAX, 0x7ff68766f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ff9a8eb6540 16 bytes {MOV RAX, 0x7ff68766f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ff9a8eb6580 16 bytes {MOV RAX, 0x7ff68766fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ff9a8eb65a0 16 bytes {MOV RAX, 0x7ff68766fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff9a8eb65c0 16 bytes {MOV RAX, 0x7ff68766f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ff9a8eb6600 16 bytes {MOV RAX, 0x7ff68766f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ff9a8eb66a0 16 bytes {MOV RAX, 0x7ff68766fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ff9a8eb66c0 16 bytes {MOV RAX, 0x7ff68766fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ff9a8eb6720 16 bytes {MOV RAX, 0x7ff68766fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ff9a8eb6860 16 bytes {MOV RAX, 0x7ff68766fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ff9a8eb6b60 16 bytes {MOV RAX, 0x7ff68766fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ff9a8eb83d0 16 bytes {MOV RAX, 0x7ff68766fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ff9a8eb8490 16 bytes {MOV RAX, 0x7ff68766fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ff9a8eb8730 16 bytes {MOV RAX, 0x7ff68766fba0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff9a8eb6260 16 bytes {MOV RAX, 0x7ff68766f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ff9a8eb6540 16 bytes {MOV RAX, 0x7ff68766f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ff9a8eb6580 16 bytes {MOV RAX, 0x7ff68766fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ff9a8eb65a0 16 bytes {MOV RAX, 0x7ff68766fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff9a8eb65c0 16 bytes {MOV RAX, 0x7ff68766f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ff9a8eb6600 16 bytes {MOV RAX, 0x7ff68766f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ff9a8eb66a0 16 bytes {MOV RAX, 0x7ff68766fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ff9a8eb66c0 16 bytes {MOV RAX, 0x7ff68766fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ff9a8eb6720 16 bytes {MOV RAX, 0x7ff68766fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ff9a8eb6860 16 bytes {MOV RAX, 0x7ff68766fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ff9a8eb6b60 16 bytes {MOV RAX, 0x7ff68766fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ff9a8eb83d0 16 bytes {MOV RAX, 0x7ff68766fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ff9a8eb8490 16 bytes {MOV RAX, 0x7ff68766fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ff9a8eb8730 16 bytes {MOV RAX, 0x7ff68766fba0; JMP RAX} ? C:\WINDOWS\system32\apphelp.dll [8064] entry point in ".rdata" section 0000000073b9f7c0 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ff9a8bd002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5612] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff979272730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ff9a8bd002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5100] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff979272730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ff9a8bd002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff979272730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ff9a8bd002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7000] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff979272730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ff9a8bd002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6364] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff979272730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ff9a8bd002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff979272730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ff9a8bd002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7560] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff979272730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\AppPatch\AppPatch64\AcGenral.dll[USER32.dll!GetMonitorInfoW] [7ff9a6e0012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ff9a8bd002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!EnumDisplayMonitors] [7ff9a6e0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!GetMonitorInfoW] [7ff9a6e0012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\IMM32.DLL[USER32.dll!GetMonitorInfoW] [7ff9a6e0012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!GetMonitorInfoW] [7ff9a6e0012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!EnumDisplayMonitors] [7ff9a6e0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ff9a6e0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!GetMonitorInfoW] [7ff9a6e0012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!EnumDisplayMonitors] [7ff9a6e0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff979272730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[924] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.953_none_7300116921188239\gdiplus.dll[GDI32.dll!GetStockObject] [7ff9a8bd006c] ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [3144:1168] ffff884542b96c20 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1000280210 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITS7278804c-4b5d-40d3-8aa0-e40d37c18969 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\485ab6d6e260 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\485ab6d6e260@00116711416e 0x1D 0xAF 0xD2 0x5C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\485ab6d6e260@001ddfff47af 0x65 0xE6 0x8B 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x75 0x58 0x79 0x0B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x75 0xC0 0x3D 0x6D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x75 0xF0 0xB4 0xA9 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@MRUList hagbcdef Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds Chrome? Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DB0E92D1-314C-4827-AB92-C6768916B925}@LastAccessedTime 0x00 0xB6 0xFB 0x42 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DB0E92D1-314C-4827-AB92-C6768916B925}@LaunchCount 2 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DB0E92D1-314C-4827-AB92-C6768916B925}\RecentItems\{C97C6D63-1BD2-4BA7-9FD7-0393787AF113} Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DB0E92D1-314C-4827-AB92-C6768916B925}\RecentItems\{C97C6D63-1BD2-4BA7-9FD7-0393787AF113}@Type 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DB0E92D1-314C-4827-AB92-C6768916B925}\RecentItems\{C97C6D63-1BD2-4BA7-9FD7-0393787AF113}@Path C:\Users\Kuba\Desktop\Przy Trakcie\Dolin? Krzny\20150509-094212.gpx Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DB0E92D1-314C-4827-AB92-C6768916B925}\RecentItems\{C97C6D63-1BD2-4BA7-9FD7-0393787AF113}@DisplayName 20150509-094212 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DB0E92D1-314C-4827-AB92-C6768916B925}\RecentItems\{C97C6D63-1BD2-4BA7-9FD7-0393787AF113}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DB0E92D1-314C-4827-AB92-C6768916B925}\RecentItems\{C97C6D63-1BD2-4BA7-9FD7-0393787AF113}@Points 0x00 0x00 0x00 0x00 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----