GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-09 13:58:53
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS721080G9AT00 rev.MC4IA41M
Running: gplst3g8.exe; Driver: C:\DOCUME~1\AC882~1.DAL\USTAWI~1\Temp\fwtdrpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB1C9A004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB1C9A0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB1C99D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB1C99E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB1C99EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB1C99F56]

---- Kernel code sections - GMER 1.0.15 ----

.text atapi.sys B9F18852 1 Byte [CC] {INT 3 }
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB99E7000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 33, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9108FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 33, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 33, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91096D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B910A9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 33, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 22, 00] {SUB [EAX], AL; AND AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 22, 00] {SUB [EBX], AL; AND AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 22, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 22, 00] {TEST AL, 0x1; AND AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90F7FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 22, 00] {TEST AL, 0x2; AND AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 22, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 22, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90F86D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 22, 00] {TEST AL, 0x0; AND AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F99B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 22, 00] {SUB [ECX], AL; AND AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 22, 00] {SUB [EDX], AL; AND AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 22, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1936] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 21, 00] {SUB [EAX], AL; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 21, 00] {SUB [EBX], AL; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 21, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 21, 00] {TEST AL, 0x1; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90F6FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 21, 00] {TEST AL, 0x2; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 21, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 21, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90F76D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 21, 00] {TEST AL, 0x0; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F89B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 21, 00] {SUB [ECX], AL; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 21, 00] {SUB [EDX], AL; AND [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 21, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 29, 00] {SUB [EAX], AL; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 29, 00] {SUB [EBX], AL; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 29, 00] {TEST AL, 0x1; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90FEFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 29, 00] {TEST AL, 0x2; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90FF6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 29, 00] {TEST AL, 0x0; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91009B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 29, 00] {SUB [ECX], AL; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 29, 00] {SUB [EDX], AL; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 3B, 00] {SUB [EAX], AL; CMP EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 3B, 00] {SUB [EBX], AL; CMP EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 3B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 3B, 00] {TEST AL, 0x1; CMP EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9110FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 3B, 00] {TEST AL, 0x2; CMP EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 3B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 3B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91116D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 3B, 00] {TEST AL, 0x0; CMP EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91129B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 3B, 00] {SUB [ECX], AL; CMP EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 3B, 00] {SUB [EDX], AL; CMP EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 3B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3552] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Threads - GMER 1.0.15 ----

Thread System [4:140] 89B0139F
Thread System [4:744] 8973E0F4

---- EOF - GMER 1.0.15 ----