GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-09-03 18:09:18 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDS721616PLA380 rev.P22OABEA 149,05GB Running: gmer.exe; Driver: C:\DOCUME~1\Sapper\USTAWI~1\Temp\kxtdrkoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xBA4515D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xBA451700] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xBA451010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xBA451300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xBA4513E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xBA451120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xBA451210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xBA4514D0] ---- User code sections - GMER 2.1 ---- .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 68, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6B, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 68, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 69, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916B82 .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6A, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 69, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6A, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916BF3 .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 68, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916D21 .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 69, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6A, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6B, 95, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\SYSTEM32\winlogon.exe[980] ntdll.dll!NtLockProductActivationKeys 7C90D4AE 5 Bytes JMP 10001000 C:\WINDOWS\SYSTEM32\antiwpa.dll .text C:\WINDOWS\SYSTEM32\winlogon.exe[980] USER32.dll!GetSystemMetrics 7E368F9C 5 Bytes JMP 10001018 C:\WINDOWS\SYSTEM32\antiwpa.dll .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 83, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 80, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 81, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919C9A .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 82, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 81, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 82, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919D0B .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 80, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B919E39 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 81, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 82, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 83, C6, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 18, DC, 00] {SUB [EAX], BL; FADD QWORD [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1B, DC, 00] {SUB [EBX], BL; FADD QWORD [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 18, DC, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 19, DC, 00] {TEST AL, 0x19; FADD QWORD [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B232 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1A, DC, 00] {TEST AL, 0x1a; FADD QWORD [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 19, DC, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1A, DC, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B2A3 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 18, DC, 00] {TEST AL, 0x18; FADD QWORD [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B3D1 .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 19, DC, 00] {SUB [ECX], BL; FADD QWORD [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1A, DC, 00] {SUB [EDX], BL; FADD QWORD [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1B, DC, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 4C, 66, 00] {SUB [ESI+0x0], CL} .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4F, 66, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 4C, 66, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 4D, 66, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913C66 .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4E, 66, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 4D, 66, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4E, 66, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913CD7 .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 4C, 66, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913E05 .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 4D, 66, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4E, 66, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4F, 66, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 5C, 23, 00] {SUB [EBX+0x0], BL} .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 5F, 23, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 5C, 23, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 5D, 23, 00] {TEST AL, 0x5d; AND EAX, [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F976 .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5E, 23, 00] {TEST AL, 0x5e; AND EAX, [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 5D, 23, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5E, 23, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F9E7 .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 5C, 23, 00] {TEST AL, 0x5c; AND EAX, [EAX]} .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FB15 .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 5D, 23, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5E, 23, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5F, 23, 00] .text D:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys ---- EOF - GMER 2.1 ----