GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-16 19:08:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: 5dhxx6xj.exe; Driver: C:\Users\Kaper\AppData\Local\Temp\kgloqpow.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtCreateFile + 6 7739424A 4 Bytes [28, 60, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtCreateFile + B 7739424F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtMapViewOfSection + 6 7739499A 4 Bytes [28, 63, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtMapViewOfSection + B 7739499F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenFile + 6 77394A2A 4 Bytes [68, 60, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenFile + B 77394A2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcess + 6 77394AAA 4 Bytes [A8, 61, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcess + B 77394AAF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcessToken + 6 77394ABA 4 Bytes CALL 7639DE20
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcessToken + B 77394ABF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcessTokenEx + 6 77394ACA 4 Bytes [A8, 62, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcessTokenEx + B 77394ACF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThread + 6 77394B1A 4 Bytes [68, 61, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThread + B 77394B1F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThreadToken + 6 77394B2A 4 Bytes [68, 62, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThreadToken + B 77394B2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThreadTokenEx + 6 77394B3A 4 Bytes CALL 7639DEA1
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThreadTokenEx + B 77394B3F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtQueryAttributesFile + 6 77394BCA 4 Bytes [A8, 60, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtQueryAttributesFile + B 77394BCF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtQueryFullAttributesFile + 6 77394C7A 4 Bytes CALL 7639DFDF
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtQueryFullAttributesFile + B 77394C7F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtSetInformationFile + 6 7739515A 4 Bytes [28, 61, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtSetInformationFile + B 7739515F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtSetInformationThread + 6 773951AA 4 Bytes [28, 62, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtSetInformationThread + B 773951AF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtUnmapViewOfSection + 6 7739544A 4 Bytes [68, 63, 93, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtUnmapViewOfSection + B 7739544F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[1680] WS2_32.dll!recv 7756343A 6 Bytes JMP 71A00F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[1680] WS2_32.dll!WSASend 77564496 6 Bytes JMP 719D0F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[1680] WS2_32.dll!WSALookupServiceNextW 7756455D 6 Bytes JMP 71A90F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[1680] WS2_32.dll!WSALookupServiceBeginW 77564E93 6 Bytes JMP 71AF0F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[1680] WS2_32.dll!WSALookupServiceEnd 77565564 6 Bytes JMP 71A60F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[1680] WS2_32.dll!send 7756659B 6 Bytes JMP 71A30F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[1680] WS2_32.dll!WSAGetOverlappedResult 77568143 6 Bytes JMP 71970F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[1680] WS2_32.dll!WSARecv 77568400 6 Bytes JMP 719A0F5A
.text C:\Windows\Explorer.EXE[2996] SHELL32.dll!SHFileOperationW 767D68E8 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtCreateFile + 6 7739424A 4 Bytes [28, 70, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtCreateFile + B 7739424F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtMapViewOfSection + 6 7739499A 4 Bytes [28, 73, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtMapViewOfSection + B 7739499F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenFile + 6 77394A2A 4 Bytes [68, 70, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenFile + B 77394A2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcess + 6 77394AAA 4 Bytes [A8, 71, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcess + B 77394AAF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessToken + 6 77394ABA 4 Bytes CALL 763A3D30
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessToken + B 77394ABF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessTokenEx + 6 77394ACA 4 Bytes [A8, 72, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenProcessTokenEx + B 77394ACF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThread + 6 77394B1A 4 Bytes [68, 71, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThread + B 77394B1F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadToken + 6 77394B2A 4 Bytes [68, 72, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadToken + B 77394B2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadTokenEx + 6 77394B3A 4 Bytes CALL 763A3DB1
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtOpenThreadTokenEx + B 77394B3F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryAttributesFile + 6 77394BCA 4 Bytes [A8, 70, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryAttributesFile + B 77394BCF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryFullAttributesFile + 6 77394C7A 4 Bytes CALL 763A3EEF
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtQueryFullAttributesFile + B 77394C7F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationFile + 6 7739515A 4 Bytes [28, 71, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationFile + B 7739515F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationThread + 6 773951AA 4 Bytes [28, 72, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtSetInformationThread + B 773951AF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtUnmapViewOfSection + 6 7739544A 4 Bytes [68, 73, F2, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] ntdll.dll!NtUnmapViewOfSection + B 7739544F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtCreateFile + 6 7739424A 4 Bytes [28, 94, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtCreateFile + B 7739424F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtMapViewOfSection + 6 7739499A 4 Bytes [28, 97, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtMapViewOfSection + B 7739499F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenFile + 6 77394A2A 4 Bytes [68, 94, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenFile + B 77394A2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenProcess + 6 77394AAA 4 Bytes [A8, 95, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenProcess + B 77394AAF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenProcessToken + 6 77394ABA 4 Bytes CALL 763A1154
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenProcessToken + B 77394ABF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenProcessTokenEx + 6 77394ACA 4 Bytes [A8, 96, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenProcessTokenEx + B 77394ACF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenThread + 6 77394B1A 4 Bytes [68, 95, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenThread + B 77394B1F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenThreadToken + 6 77394B2A 4 Bytes [68, 96, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenThreadToken + B 77394B2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenThreadTokenEx + 6 77394B3A 4 Bytes CALL 763A11D5
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtOpenThreadTokenEx + B 77394B3F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtQueryAttributesFile + 6 77394BCA 4 Bytes [A8, 94, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtQueryAttributesFile + B 77394BCF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtQueryFullAttributesFile + 6 77394C7A 4 Bytes CALL 763A1313
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtQueryFullAttributesFile + B 77394C7F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtSetInformationFile + 6 7739515A 4 Bytes [28, 95, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtSetInformationFile + B 7739515F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtSetInformationThread + 6 773951AA 4 Bytes [28, 96, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtSetInformationThread + B 773951AF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtUnmapViewOfSection + 6 7739544A 4 Bytes [68, 97, C6, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] ntdll.dll!NtUnmapViewOfSection + B 7739544F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtCreateFile + 6 7739424A 4 Bytes [28, 64, 5D, 00] {SUB [EBP+EBX*2+0x0], AH}
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtCreateFile + B 7739424F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtMapViewOfSection + 6 7739499A 4 Bytes [28, 67, 5D, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtMapViewOfSection + B 7739499F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenFile + 6 77394A2A 4 Bytes [68, 64, 5D, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenFile + B 77394A2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenProcess + 6 77394AAA 4 Bytes [A8, 65, 5D, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenProcess + B 77394AAF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenProcessToken + 6 77394ABA 4 Bytes CALL 7639A824
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenProcessToken + B 77394ABF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenProcessTokenEx + 6 77394ACA 4 Bytes [A8, 66, 5D, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenProcessTokenEx + B 77394ACF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenThread + 6 77394B1A 4 Bytes [68, 65, 5D, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenThread + B 77394B1F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenThreadToken + 6 77394B2A 4 Bytes [68, 66, 5D, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenThreadToken + B 77394B2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenThreadTokenEx + 6 77394B3A 4 Bytes CALL 7639A8A5
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtOpenThreadTokenEx + B 77394B3F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtQueryAttributesFile + 6 77394BCA 4 Bytes [A8, 64, 5D, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtQueryAttributesFile + B 77394BCF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtQueryFullAttributesFile + 6 77394C7A 4 Bytes CALL 7639A9E3
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtQueryFullAttributesFile + B 77394C7F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtSetInformationFile + 6 7739515A 4 Bytes [28, 65, 5D, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtSetInformationFile + B 7739515F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtSetInformationThread + 6 773951AA 4 Bytes [28, 66, 5D, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtSetInformationThread + B 773951AF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtUnmapViewOfSection + 6 7739544A 4 Bytes [68, 67, 5D, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] ntdll.dll!NtUnmapViewOfSection + B 7739544F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtCreateFile + 6 7739424A 4 Bytes [28, AC, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtCreateFile + B 7739424F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtMapViewOfSection + 6 7739499A 4 Bytes [28, AF, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtMapViewOfSection + B 7739499F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenFile + 6 77394A2A 4 Bytes [68, AC, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenFile + B 77394A2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenProcess + 6 77394AAA 4 Bytes [A8, AD, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenProcess + B 77394AAF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenProcessToken + 6 77394ABA 4 Bytes CALL 7639A96C
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenProcessToken + B 77394ABF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenProcessTokenEx + 6 77394ACA 4 Bytes [A8, AE, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenProcessTokenEx + B 77394ACF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenThread + 6 77394B1A 4 Bytes [68, AD, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenThread + B 77394B1F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenThreadToken + 6 77394B2A 4 Bytes [68, AE, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenThreadToken + B 77394B2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenThreadTokenEx + 6 77394B3A 4 Bytes CALL 7639A9ED
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtOpenThreadTokenEx + B 77394B3F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtQueryAttributesFile + 6 77394BCA 4 Bytes [A8, AC, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtQueryAttributesFile + B 77394BCF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtQueryFullAttributesFile + 6 77394C7A 4 Bytes CALL 7639AB2B
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtQueryFullAttributesFile + B 77394C7F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtSetInformationFile + 6 7739515A 4 Bytes [28, AD, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtSetInformationFile + B 7739515F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtSetInformationThread + 6 773951AA 4 Bytes [28, AE, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtSetInformationThread + B 773951AF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtUnmapViewOfSection + 6 7739544A 4 Bytes [68, AF, 5E, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] ntdll.dll!NtUnmapViewOfSection + B 7739544F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6696] WS2_32.dll!recv 7756343A 6 Bytes JMP 71A00F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6696] WS2_32.dll!WSASend 77564496 6 Bytes JMP 719D0F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6696] WS2_32.dll!WSALookupServiceNextW 7756455D 6 Bytes JMP 71A90F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6696] WS2_32.dll!WSALookupServiceBeginW 77564E93 6 Bytes JMP 71AF0F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6696] WS2_32.dll!WSALookupServiceEnd 77565564 6 Bytes JMP 71A60F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6696] WS2_32.dll!send 7756659B 6 Bytes JMP 71A30F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6696] WS2_32.dll!WSAGetOverlappedResult 77568143 6 Bytes JMP 71970F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6696] WS2_32.dll!WSARecv 77568400 6 Bytes JMP 719A0F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtCreateFile + 6 7739424A 4 Bytes [28, D0, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtCreateFile + B 7739424F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtMapViewOfSection + 6 7739499A 4 Bytes [28, D3, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtMapViewOfSection + B 7739499F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenFile + 6 77394A2A 4 Bytes [68, D0, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenFile + B 77394A2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenProcess + 6 77394AAA 4 Bytes [A8, D1, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenProcess + B 77394AAF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenProcessToken + 6 77394ABA 4 Bytes CALL 7639EC90
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenProcessToken + B 77394ABF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenProcessTokenEx + 6 77394ACA 4 Bytes [A8, D2, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenProcessTokenEx + B 77394ACF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenThread + 6 77394B1A 4 Bytes [68, D1, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenThread + B 77394B1F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenThreadToken + 6 77394B2A 4 Bytes [68, D2, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenThreadToken + B 77394B2F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenThreadTokenEx + 6 77394B3A 4 Bytes CALL 7639ED11
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtOpenThreadTokenEx + B 77394B3F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtQueryAttributesFile + 6 77394BCA 4 Bytes [A8, D0, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtQueryAttributesFile + B 77394BCF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtQueryFullAttributesFile + 6 77394C7A 4 Bytes CALL 7639EE4F
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtQueryFullAttributesFile + B 77394C7F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtSetInformationFile + 6 7739515A 4 Bytes [28, D1, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtSetInformationFile + B 7739515F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtSetInformationThread + 6 773951AA 4 Bytes [28, D2, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtSetInformationThread + B 773951AF 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtUnmapViewOfSection + 6 7739544A 4 Bytes [68, D3, A1, 00]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] ntdll.dll!NtUnmapViewOfSection + B 7739544F 1 Byte [E2]
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] WS2_32.dll!recv 7756343A 6 Bytes JMP 71A00F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] WS2_32.dll!WSASend 77564496 6 Bytes JMP 719D0F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] WS2_32.dll!WSALookupServiceNextW 7756455D 6 Bytes JMP 71A90F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] WS2_32.dll!WSALookupServiceBeginW 77564E93 6 Bytes JMP 71AF0F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] WS2_32.dll!WSALookupServiceEnd 77565564 6 Bytes JMP 71A60F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] WS2_32.dll!send 7756659B 6 Bytes JMP 71A30F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] WS2_32.dll!WSAGetOverlappedResult 77568143 6 Bytes JMP 71970F5A
.text C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] WS2_32.dll!WSARecv 77568400 6 Bytes JMP 719A0F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[888] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00950010
IAT C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[1680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00AB0000
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E27817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E6B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E2BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E1F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E1E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E573F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E2DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E1FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E1FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73EACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E4C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E1D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E16853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E1687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E22AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[3968] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00F30010
IAT C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6376] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00C80010
IAT C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6564] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 005F0010
IAT C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6692] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00700010
IAT C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[6696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 023A0000
IAT C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 02060000
IAT C:\Users\Kaper\AppData\Local\Google\Chrome\Application\chrome.exe[7864] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00A20010

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000087 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000087 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000089 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000089 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556eb46f2
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556eb46f2 (not active ControlSet)

---- EOF - GMER 1.0.15 ----