GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-06 04:48:54 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721616PLA380 rev.P22OABEA 149,05GB Running: 7vybzf1g.exe; Driver: C:\Users\Maciej\AppData\Local\Temp\kwrdrpog.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82E4C339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E85D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\CCleaner\CCleaner.exe[2224] USER32.dll!SetScrollRange 76718EC5 5 Bytes JMP 00CB5F15 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2224] USER32.dll!GetScrollInfo 76722DA3 5 Bytes JMP 00CB5EA8 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2224] USER32.dll!SetScrollInfo 767248DA 5 Bytes JMP 00CB5F4C C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2224] USER32.dll!GetScrollRange 7674045A 5 Bytes JMP 00CB5E4B C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2224] USER32.dll!SetScrollPos 767404BE 5 Bytes JMP 00CB5E26 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2224] USER32.dll!GetScrollPos 76740E43 5 Bytes JMP 00CB5E83 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2224] USER32.dll!EnableScrollBar 767419CE 5 Bytes JMP 00CB5F80 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2224] USER32.dll!ShowScrollBar 76743C89 5 Bytes JMP 00CB5EDB C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 24, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 27, 70, 00] {SUB [EDI], AH; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 24, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 25, 70, 00] {TEST AL, 0x25; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 26, 70, 00] {TEST AL, 0x26; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 25, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 26, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 24, 70, 00] {TEST AL, 0x24; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 25, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 26, 70, 00] {SUB [ESI], AH; JO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 27, 70, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [18, 20, 83, 73] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 98, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 9B, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 98, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 99, 1A, 00] {TEST AL, 0x99; SBB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 9A, 1A, 00] {TEST AL, 0x9a; SBB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 99, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 9A, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 98, 1A, 00] {TEST AL, 0x98; SBB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 99, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 9A, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 9B, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6388] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, C4, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, C7, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, C4, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, C5, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, C6, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, C5, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, C6, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, C4, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, C5, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, C6, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, C7, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6456] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 5C, 65, 00] {SUB [EBP+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 5F, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 5C, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 5D, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 5E, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 5D, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 5E, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 5C, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 5D, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 5E, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 5F, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6820] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2] ---- EOF - GMER 2.1 ----