GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-26 01:23:24
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725016A9A362 rev.PCBOC70E 149,05GB
Running: p1vzzpoz.exe; Driver: C:\Users\Lenovo\AppData\Local\Temp\kfrdapow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C41A35 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7B392 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9120D000, 0x147288, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3376] USER32.dll!RegisterMessagePumpHook + 2F1 75588B9E 7 Bytes JMP 1003B000 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3376] USER32.dll!PostMessageW + 43A 755948B5 7 Bytes JMP 1003AC50 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3376] USER32.dll!SetDlgItemTextA + 25 755A709F 7 Bytes JMP 1003ABC0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3376] USER32.dll!MessageBoxIndirectA + F5 755DE95E 7 Bytes JMP 1003AF50 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3376] USER32.dll!MessageBoxIndirectW + 61 755DE9C4 7 Bytes JMP 1003ADF0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3376] USER32.dll!MessageBoxExA + 1F 755DE9E8 7 Bytes JMP 1003AF00 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtMapViewOfSection + 6 77245C6E 4 Bytes [18, 20, F8, 70]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtMapViewOfSection + B 77245C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtCreateFile + 6 7724560E 4 Bytes [28, DC, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtCreateFile + B 77245613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtMapViewOfSection + 6 77245C6E 4 Bytes [28, DF, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtMapViewOfSection + B 77245C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenFile + 6 77245D1E 4 Bytes [68, DC, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenFile + B 77245D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcess + 6 77245DCE 4 Bytes [A8, DD, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcess + B 77245DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessToken + B 77245DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessTokenEx + 6 77245DEE 4 Bytes [A8, DE, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessTokenEx + B 77245DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThread + 6 77245E4E 4 Bytes [68, DD, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThread + B 77245E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadToken + 6 77245E5E 4 Bytes [68, DE, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadToken + B 77245E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadTokenEx + B 77245E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryAttributesFile + 6 77245F7E 4 Bytes [A8, DC, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryAttributesFile + B 77245F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryFullAttributesFile + B 77246033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationFile + 6 7724667E 4 Bytes [28, DD, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationFile + B 77246683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationThread + 6 772466DE 4 Bytes [28, DE, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationThread + B 772466E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtTerminateProcess 77246908 5 Bytes JMP 0140D7BE C:\Program Files\Google\Chrome\Application\chrome.exe
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtUnmapViewOfSection + 6 772469FE 4 Bytes [68, DF, 45, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtUnmapViewOfSection + B 77246A03 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] shell32.DLL!RealDriveType + 173D 761CFD70 4 Bytes [71, CB, 6A, 61] {JNO 0xffffffcd; PUSH 0x61}
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] shell32.DLL!RealDriveType + 1745 761CFD78 8 Bytes CALL 527E66DF

---- Files - GMER 2.1 ----

File C:\Users\Lenovo\AppData\Local\Temp\svqzlm.tmp 0 bytes
File C:\Users\Lenovo\AppData\Local\Temp\svqzlm.tmp\svr0tt.tmp 0 bytes
File C:\Users\Lenovo\AppData\Roaming\OpenOffice.org\3\.lock 0 bytes

---- EOF - GMER 2.1 ----