GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-23 18:20:10 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AA 232,89GB Running: 0l9l9sid.exe; Driver: C:\DOCUME~1\ADMIN\USTAWI~1\Temp\axtdrpod.sys ---- Kernel code sections - GMER 2.1 ---- ? 12D175041.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8749000, 0x189F82, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 98, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9B, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 98, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 99, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919FB2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9A, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 99, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9A, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A023 .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 98, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A151 .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 99, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9A, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9B, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[204] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 016E6E2C C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 016E6CC7 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 016E6EAD C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 016E6BA3 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 016E6BEC C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 016E6C35 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 016E6C7E C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10001F42 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\mozglue.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 016AEE7B C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 016AEEC3 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 0268E562 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 0206662C C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1256] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 016AEEEA C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, 8C, 00] {TEST AL, 0xa5; MOV [EAX], ES} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9162BE .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, 8C, 00] {TEST AL, 0xa6; MOV [EAX], ES} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91632F .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, 8C, 00] {TEST AL, 0xa4; MOV [EAX], ES} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91645D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1440] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 38, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 3B, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 38, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 39, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CB52 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 3A, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 39, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 3A, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CBC3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 38, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CCF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 39, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 3A, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 3B, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 28, E2, 00] {SUB [EAX], CH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2B, E2, 00] {SUB [EBX], CH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 28, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 29, E2, 00] {TEST AL, 0x29; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B842 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2A, E2, 00] {TEST AL, 0x2a; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 29, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2A, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B8B3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 28, E2, 00] {TEST AL, 0x28; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B9E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 29, E2, 00] {SUB [ECX], CH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2A, E2, 00] {SUB [EDX], CH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2B, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2572] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B8, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BB, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B8, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B9, 84, 00] {TEST AL, 0xb9; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915AD2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BA, 84, 00] {TEST AL, 0xba; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B9, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BA, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915B43 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B8, 84, 00] {TEST AL, 0xb8; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915C71 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B9, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BA, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BB, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B8, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BB, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B8, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B9, 24, 00] {TEST AL, 0xb9; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FAD2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BA, 24, 00] {TEST AL, 0xba; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B9, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BA, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FB43 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B8, 24, 00] {TEST AL, 0xb8; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FC71 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B9, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BA, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BB, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3228] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] ---- EOF - GMER 2.1 ----