GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-16 11:04:01 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120822AS rev.3.ALC 111.79GB Running: izgqsebx.exe; Driver: C:\DOCUME~1\Aga\USTAWI~1\Temp\uwtorpod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xEC535AC4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xEC7B00BA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xEC5365A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xEC57C5A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xEC54263C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xEC542688] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xEC542822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xEC57BF54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xEC5425AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xEC5426CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xEC5425F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xEC536AD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xEC5427DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xEC537390] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xEC535B2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xEC57CC66] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xEC57CF1C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xEC53AB86] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xEC57CAD1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xEC57C93C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xEC535716] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xEC7B0574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xEC535B90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xEC53AF7C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xEC537E78] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xEC542666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xEC5426AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xEC542846] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xEC57C2B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xEC5425D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xEC53A47E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xEC54275A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xEC54261A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xEC53A86A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xEC542800] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xEC7B0312] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xEC57C7B7] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xEC537CEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xEC57C609] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xEC537842] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xEC7BE358] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xEC7BECC4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xEC57B597] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xEC535BF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xEC535C5C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xEC53720A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xEC5357B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xEC535982] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xEC57CD6D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xEC535910] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xEC53755A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xEC5376BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xEC535A0A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xEC537048] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xEC5371EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xEC535CC2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xEC5365FE] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [F6, 5B, 53, EC, 5C, 5C, 53, ...] {NEG BYTE [EBX+0x53]; IN AL, DX; POP ESP; POP ESP; PUSH EBX; IN AL, DX; OR DH, [EDX+0x53]; IN AL, DX} .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [5A, 75, 53, EC, BC, 76, 53, ...] {POP EDX; JNZ 0x56; IN AL, DX; MOV ESP, 0xaec5376; POP EDX; PUSH EBX; IN AL, DX} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 2 Bytes CALL EC538549 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EF 805A64DF 1 Byte [6B] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1296] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1576] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A0, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A3, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A0, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A1, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9125BA .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A2, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A1, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A2, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91262B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A0, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912759 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A1, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A2, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A3, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 7C, 1A, 00] {SUB [EDX+EBX+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7F, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 7C, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 7D, 1A, 00] {TEST AL, 0x7d; SBB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F096 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7E, 1A, 00] {TEST AL, 0x7e; SBB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 7D, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7E, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F107 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 7C, 1A, 00] {TEST AL, 0x7c; SBB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F235 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 7D, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7E, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7F, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 04, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 07, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 04, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 05, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917A1E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 06, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 05, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 06, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917A8F .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 04, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917BBD .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 05, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 06, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 07, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[896] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[896] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gt.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys AttachedDevice \Driver\Tcpip \Device\Tcp {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gt.sys AttachedDevice \Driver\Tcpip \Device\Udp {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gt.sys AttachedDevice \Driver\Tcpip \Device\RawIp {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gt.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 86 ---- EOF - GMER 2.1 ----