GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-09 15:41:52
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS721080G9AT00 rev.MC4IA41M
Running: gplst3g8.exe; Driver: C:\DOCUME~1\AC882~1.DAL\USTAWI~1\Temp\fwtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB21F6004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB21F60D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB21F5D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB21F5E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB21F5EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB21F5F56]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB99E7000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 24, 00] {SUB [EAX], AL; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 24, 00] {SUB [EBX], AL; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 24, 00] {TEST AL, 0x1; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90F9FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 24, 00] {TEST AL, 0x2; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90FA6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 24, 00] {TEST AL, 0x0; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90FB9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 24, 00] {SUB [ECX], AL; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 24, 00] {SUB [EDX], AL; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B910CFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B910D6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B910E9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----