GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-23 21:41:55
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.891F
Running: o03706lv.exe; Driver: C:\Users\Ilona\AppData\Local\Temp\kwnoikod.sys

---- Kernel code sections - GMER 1.0.15 ----

PAGE spsys.sys!?SPVersion@@3PADA + 1ABF A385203F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F A38520AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F A38520AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 A3852130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 A3852137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtCreateFile + 6 771043DA 4 Bytes [28, 00, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtCreateFile + B 771043DF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtMapViewOfSection + 6 77104B2A 1 Byte [28]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtMapViewOfSection + 6 77104B2A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtMapViewOfSection + B 77104B2F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenFile + 6 77104BBA 4 Bytes [68, 00, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenFile + B 77104BBF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcess + 6 77104C3A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcess + B 77104C3F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcessToken + 6 77104C4A 4 Bytes CALL 76105250 C:\Windows\system32\ole32.dll (Microsoft OLE pour Windows/Microsoft Corporation)
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcessToken + B 77104C4F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcessTokenEx + 6 77104C5A 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcessTokenEx + B 77104C5F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThread + 6 77104CAA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThread + B 77104CAF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThreadToken + 6 77104CBA 4 Bytes [68, 02, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThreadToken + B 77104CBF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThreadTokenEx + 6 77104CCA 4 Bytes CALL 761052D1 C:\Windows\system32\ole32.dll (Microsoft OLE pour Windows/Microsoft Corporation)
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThreadTokenEx + B 77104CCF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtQueryAttributesFile + 6 77104D5A 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtQueryAttributesFile + B 77104D5F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtQueryFullAttributesFile + 6 77104E0A 4 Bytes CALL 7610540F C:\Windows\system32\ole32.dll (Microsoft OLE pour Windows/Microsoft Corporation)
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtQueryFullAttributesFile + B 77104E0F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtSetInformationFile + 6 771052EA 4 Bytes [28, 01, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtSetInformationFile + B 771052EF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtSetInformationThread + 6 7710533A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtSetInformationThread + B 7710533F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtUnmapViewOfSection + 6 771055DA 1 Byte [68]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtUnmapViewOfSection + 6 771055DA 4 Bytes [68, 03, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtUnmapViewOfSection + B 771055DF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtCreateFile + 6 771043DA 4 Bytes [28, 00, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtCreateFile + B 771043DF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + 6 77104B2A 1 Byte [28]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + 6 77104B2A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + B 77104B2F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenFile + 6 77104BBA 4 Bytes [68, 00, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenFile + B 77104BBF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcess + 6 77104C3A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcess + B 77104C3F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessToken + 6 77104C4A 4 Bytes CALL 76105250 C:\Windows\system32\ole32.dll (Microsoft OLE pour Windows/Microsoft Corporation)
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessToken + B 77104C4F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessTokenEx + 6 77104C5A 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessTokenEx + B 77104C5F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThread + 6 77104CAA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThread + B 77104CAF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadToken + 6 77104CBA 4 Bytes [68, 02, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadToken + B 77104CBF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadTokenEx + 6 77104CCA 4 Bytes CALL 761052D1 C:\Windows\system32\ole32.dll (Microsoft OLE pour Windows/Microsoft Corporation)
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadTokenEx + B 77104CCF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryAttributesFile + 6 77104D5A 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryAttributesFile + B 77104D5F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryFullAttributesFile + 6 77104E0A 4 Bytes CALL 7610540F C:\Windows\system32\ole32.dll (Microsoft OLE pour Windows/Microsoft Corporation)
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryFullAttributesFile + B 77104E0F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationFile + 6 771052EA 4 Bytes [28, 01, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationFile + B 771052EF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationThread + 6 7710533A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationThread + B 7710533F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + 6 771055DA 1 Byte [68]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + 6 771055DA 4 Bytes [68, 03, 06, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + B 771055DF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtCreateFile + 6 771043DA 4 Bytes [28, 00, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtCreateFile + B 771043DF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtMapViewOfSection + 6 77104B2A 1 Byte [28]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtMapViewOfSection + 6 77104B2A 4 Bytes [28, 03, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtMapViewOfSection + B 77104B2F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenFile + 6 77104BBA 4 Bytes [68, 00, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenFile + B 77104BBF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenProcess + 6 77104C3A 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenProcess + B 77104C3F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenProcessToken + 6 77104C4A 4 Bytes CALL 76106250 C:\Windows\system32\ole32.dll (Microsoft OLE pour Windows/Microsoft Corporation)
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenProcessToken + B 77104C4F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenProcessTokenEx + 6 77104C5A 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenProcessTokenEx + B 77104C5F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenThread + 6 77104CAA 4 Bytes [68, 01, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenThread + B 77104CAF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenThreadToken + 6 77104CBA 4 Bytes [68, 02, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenThreadToken + B 77104CBF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenThreadTokenEx + 6 77104CCA 4 Bytes CALL 761062D1 C:\Windows\system32\ole32.dll (Microsoft OLE pour Windows/Microsoft Corporation)
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtOpenThreadTokenEx + B 77104CCF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtQueryAttributesFile + 6 77104D5A 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtQueryAttributesFile + B 77104D5F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtQueryFullAttributesFile + 6 77104E0A 4 Bytes CALL 7610640F C:\Windows\system32\ole32.dll (Microsoft OLE pour Windows/Microsoft Corporation)
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtQueryFullAttributesFile + B 77104E0F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtSetInformationFile + 6 771052EA 4 Bytes [28, 01, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtSetInformationFile + B 771052EF 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtSetInformationThread + 6 7710533A 4 Bytes [28, 02, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtSetInformationThread + B 7710533F 1 Byte [E2]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtUnmapViewOfSection + 6 771055DA 1 Byte [68]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtUnmapViewOfSection + 6 771055DA 4 Bytes [68, 03, 16, 00]
.text C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] ntdll.dll!NtUnmapViewOfSection + B 771055DF 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[2732] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7392A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [738DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [738CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [738CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73908395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [738DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [738CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [738CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7395CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [738FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [738CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [738C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [738C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [738D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5120] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Ilona\AppData\Local\Google\Chrome\Application\chrome.exe[5288] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (Pilote du système de fichiers NT/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device udfs.sys (UDF File System Driver/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000f3d38e95e
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000f3d38e95e (not active ControlSet)

---- EOF - GMER 1.0.15 ----