GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2015-09-27 20:22:20
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 ST3320418AS rev.CC35
Running: gmer.exe; Driver: C:\DOCUME~1\ASIAJO~1.000\USTAWI~1\Temp\awtdypog.sys


---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (AVG IDS Application Activity Monitor Loader Driver/AVG Technologies CZ, s.r.o.)  ZwNotifyChangeKey [0xB84516F0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (AVG IDS Application Activity Monitor Loader Driver/AVG Technologies CZ, s.r.o.)  ZwNotifyChangeMultipleKeys [0xB8451820]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (AVG IDS Application Activity Monitor Loader Driver/AVG Technologies CZ, s.r.o.)  ZwOpenProcess [0xB8451010]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (AVG IDS Application Activity Monitor Loader Driver/AVG Technologies CZ, s.r.o.)  ZwOpenThread [0xB84514E0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (AVG IDS Application Activity Monitor Loader Driver/AVG Technologies CZ, s.r.o.)  ZwSuspendProcess [0xB8451300]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (AVG IDS Application Activity Monitor Loader Driver/AVG Technologies CZ, s.r.o.)  ZwSuspendThread [0xB84513F0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (AVG IDS Application Activity Monitor Loader Driver/AVG Technologies CZ, s.r.o.)  ZwTerminateProcess [0xB8451120]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (AVG IDS Application Activity Monitor Loader Driver/AVG Technologies CZ, s.r.o.)  ZwTerminateThread [0xB8451210]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (AVG IDS Application Activity Monitor Loader Driver/AVG Technologies CZ, s.r.o.)  ZwWriteVirtualMemory [0xB84515F0]


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB6EB3360, 0x32B2AD, 0xE8000020]


---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, F0, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, F3, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, F0, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, F1, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B912B0A
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, F2, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, F1, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, F2, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B912B7B
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, F0, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B912CA9
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, F1, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, F2, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, F3, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, E4, 6A, 00] {SUB AH, AH; PUSH 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, E7, 6A, 00] {SUB BH, AH; PUSH 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, E4, 6A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, E5, 6A, 00] {TEST AL, 0xe5; PUSH 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B9140FE
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, E6, 6A, 00] {TEST AL, 0xe6; PUSH 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, E5, 6A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, E6, 6A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B91416F
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, E4, 6A, 00] {TEST AL, 0xe4; PUSH 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91429D
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, E5, 6A, 00] {SUB CH, AH; PUSH 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, E6, 6A, 00] {SUB DH, AH; PUSH 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, E7, 6A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, EC, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, EF, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, EC, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, ED, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B90ED06
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, EE, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, ED, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, EE, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B90ED77
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, EC, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B90EEA5
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, ED, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, EE, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, EF, 16, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1280]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  ntdll.dll!NtCreateFile  7C90D0AE 5 Bytes  JMP 100A8AF0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, DWORD [ECX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  ntdll.dll!NtOpenFile  7C90D59E 5 Bytes  JMP 100A8B10 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!CreateFileA  7C801A28 5 Bytes  JMP 100A9020 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!LoadLibraryExW  7C801AF5 7 Bytes  JMP 100A9680 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!LoadLibraryExA  7C801D53 5 Bytes  JMP 100A9660 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!LoadLibraryA  7C801D7B 5 Bytes  JMP 100A9620 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!CloseHandle  7C809BE7 5 Bytes  JMP 100A9250 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!FreeLibrary  7C80AC7E 5 Bytes  JMP 100A9780 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetProcAddress  7C80AE40 5 Bytes  JMP 100A97A0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!LoadLibraryW  7C80AEEB 5 Bytes  JMP 100A9640 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetModuleFileNameW  7C80B475 7 Bytes  JMP 100A96C0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetModuleFileNameA  7C80B56F 5 Bytes  JMP 100A96A0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetModuleHandleA  7C80B741 5 Bytes  JMP 100A96E0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetFileAttributesW  7C80B7EC 5 Bytes  JMP 100A91C0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetModuleHandleW  7C80E4DD 5 Bytes  JMP 100A9700 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!CreateFileW  7C810CD9 5 Bytes  JMP 100A9040 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetFileAttributesExW  7C81166D 5 Bytes  JMP 100A9200 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetFileAttributesA  7C811AB4 5 Bytes  JMP 100A91A0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!FlushFileBuffers  7C812BB9 5 Bytes  JMP 100A9230 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetModuleHandleExW  7C81ED19 5 Bytes  JMP 100A9750 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!MoveFileW  7C8202B9 5 Bytes  JMP 100A90C0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!OpenFile  7C8209DA 5 Bytes  JMP 100A9220 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!CopyFileA  7C827746 5 Bytes  JMP 100A9060 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!CopyFileW  7C82E8BB 5 Bytes  JMP 100A9080 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetFileAttributesExA  7C82F9D1 5 Bytes  JMP 100A91E0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!DeleteFileA  7C831F4D 5 Bytes  JMP 100A9120 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!DeleteFileW  7C831FD3 5 Bytes  JMP 100A9140 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!MoveFileExW  7C8356FB 5 Bytes  JMP 100A9100 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!MoveFileA  7C835F2F 5 Bytes  JMP 100A90A0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!ReplaceFile  7C836CDC 5 Bytes  JMP 100A9180 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!MoveFileExA  7C85F033 5 Bytes  JMP 100A90E0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!ReplaceFileA  7C85FE77 5 Bytes  JMP 100A9160 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!GetModuleHandleExA  7C860BE6 5 Bytes  JMP 100A9720 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  USER32.dll!SetWindowTextW  7E37960E 5 Bytes  JMP 1000BC70 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, C4, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, C7, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, C4, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, C5, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B913DDE
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, C6, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, C5, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, C6, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B913E4F
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, C4, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B913F7D
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, C5, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, C6, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, C7, 67, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2600]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, 9C, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, 9F, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, 9C, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, 9D, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B919FB6
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, 9E, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, 9D, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, 9E, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B91A027
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, 9C, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91A155
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, 9D, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, 9E, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, 9F, C9, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2852]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, A0, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, A3, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, A0, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, A1, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B91C2BA
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, A2, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, A1, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, A2, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B91C32B
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, A0, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91C459
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, A1, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, A2, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, A3, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2992]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]


---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Program Files\Google\Chrome\Application\chrome.exe[228] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  006B0010
IAT  C:\Program Files\Google\Chrome\Application\chrome.exe[1080] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  00810010
IAT  C:\Program Files\Google\Chrome\Application\chrome.exe[1280] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  002D0010
IAT  C:\Program Files\Google\Chrome\Application\chrome.exe[2600] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  007E0010
IAT  C:\Program Files\Google\Chrome\Application\chrome.exe[2852] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  00E00010
IAT  C:\Program Files\Google\Chrome\Application\chrome.exe[2992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  01030010


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)


---- Processes - GMER 1.0.15 ----

Library  C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1656]  0x03520000


---- EOF - GMER 1.0.15 ----
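The "User code sections" block above is long but highly regular: the same ntdll entry points are patched in the same way (4 bytes at +6, one byte E2 at +B, or a CALL at +6) in every chrome.exe instance, which is how Chromium's sandbox intercepts those calls in its sandboxed child processes, while one instance, chrome.exe[1632], additionally carries 5- and 7-byte JMPs from ntdll, kernel32 and USER32 exports into a third-party module, C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll. The script below is an added example, not GMER's code and not part of the original log: it parses GMER ".text" hook lines, groups them by process, and separates hook shapes that recur across instances of the same executable from shapes confined to a minority of instances, and lists every module GMER names as a JMP target. The "minority of instances" rule is this example's own triage heuristic, not a GMER feature; the sample input is twelve entries copied from the log above with GMER's two-space field separators restored.

```python
"""Triage GMER 'User code sections' entries by process (added example).

Parses GMER's '.text <process>[pid] <module>!<function> [+ off] <addr>
<n> Bytes <payload>' lines and separates hook shapes that recur across
instances of the same executable from shapes seen in only a minority of
instances, or that JMP into a module GMER names by path.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# GMER separates fields with two spaces or tabs; copy-pasted logs often
# collapse those to one space, so any whitespace run is accepted here.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\w+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<payload>.*)$"
)
# Payload forms: 'JMP 100A8AF0 C:\...\sbci32.dll' or 'CALL 7B912B0A' (no
# module named); anything else is a raw byte list like '[28, F0, 54, 00]'.
XFER_RE = re.compile(
    r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<dll>\S.*))?$"
)


@dataclass(frozen=True)
class Hook:
    proc: str        # image path of the hooked process
    pid: int
    module: str      # e.g. ntdll.dll
    func: str        # e.g. NtCreateFile
    offset: int      # bytes past the export; 0 when GMER gives none
    size: int        # number of patched bytes
    kind: str        # "jmp", "call" or "bytes"
    target_dll: str  # module GMER names as the JMP target, "" if none

    @property
    def shape(self):
        """What was hooked and how, independent of the PID it was seen in."""
        return (self.module, self.func, self.offset, self.size, self.kind)


def parse_hooks(text):
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # headers, SSDT, IAT and device lines are skipped
        x = XFER_RE.match(m["payload"].strip())
        kind = x["kind"].lower() if x else "bytes"
        dll = (x["dll"] or "").strip() if x else ""
        hooks.append(Hook(m["proc"], int(m["pid"]), m["module"], m["func"],
                          int(m["off"] or "0", 16), int(m["size"]), kind, dll))
    return hooks


def outlier_hooks(hooks):
    """Hooks whose shape occurs in at most half of the instances of its image.

    Heuristic chosen for this example: a shape present in (nearly) every
    instance of one executable is consistent with the program patching
    itself; a shape confined to one instance is what to look at first.
    """
    pids_per_image = defaultdict(set)
    pids_per_shape = defaultdict(set)
    for h in hooks:
        pids_per_image[h.proc].add(h.pid)
        pids_per_shape[(h.proc, h.shape)].add(h.pid)
    return [h for h in hooks
            if len(pids_per_image[h.proc]) > 1
            and 2 * len(pids_per_shape[(h.proc, h.shape)]) <= len(pids_per_image[h.proc])]


def injected_modules(hooks):
    """Modules GMER names as JMP targets, with the PIDs they were seen in."""
    out = defaultdict(set)
    for h in hooks:
        if h.kind == "jmp" and h.target_dll:
            out[h.target_dll].add(h.pid)
    return {dll: sorted(pids) for dll, pids in out.items()}


# Sample input: twelve entries copied from the log above (three chrome.exe
# instances) with GMER's double-space separators restored.
SAMPLE = r"""
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, F0, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, F3, 54, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[228]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B912B0A
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, E4, 6A, 00] {SUB AH, AH; PUSH 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, E7, 6A, 00] {SUB BH, AH; PUSH 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1080]  ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B9140FE
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  ntdll.dll!NtCreateFile  7C90D0AE 5 Bytes  JMP 100A8AF0 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, DWORD [ECX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  kernel32.dll!LoadLibraryA  7C801D7B 5 Bytes  JMP 100A9620 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1632]  USER32.dll!SetWindowTextW  7E37960E 5 Bytes  JMP 1000BC70 C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE)
    for h in outlier_hooks(hooks):
        print(f"[{h.pid}] {h.module}!{h.func}+{h.offset:X} {h.kind.upper()} "
              f"-> {h.target_dll or '(no module named)'}")
    print(injected_modules(hooks))
```

Run against the sample, the shared ntdll shapes (NtCreateFile +6/+B, NtMapViewOfSection +6, the CALL at NtOpenProcessToken +6) are left alone and the three JMPs in chrome.exe[1632] are reported, all landing in sbci32.dll. Feeding it the whole log above (after restoring one entry per line) gives the same split for the remaining chrome.exe instances; the heuristic says nothing about whether the named module is wanted, so the path it surfaces is where a manual check of the file's publisher and install source starts.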