GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-23 12:35:21
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1200BEVS-22UST0 rev.01.01A01 111,79GB
Running: 8g2n47um.exe; Driver: C:\Users\Serge_2\AppData\Local\Temp\kgtdypob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtCreateFile + 6 773E426A 4 Bytes [28, 84, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtCreateFile + B 773E426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtMapViewOfSection + 6 773E49BA 4 Bytes [28, 87, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtMapViewOfSection + B 773E49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenFile + 6 773E4A4A 4 Bytes [68, 84, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenFile + B 773E4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcess + 6 773E4ACA 4 Bytes [A8, 85, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcess + B 773E4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcessToken + B 773E4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcessTokenEx + 6 773E4AEA 4 Bytes [A8, 86, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcessTokenEx + B 773E4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThread + 6 773E4B3A 4 Bytes [68, 85, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThread + B 773E4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThreadToken + 6 773E4B4A 4 Bytes [68, 86, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThreadToken + B 773E4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThreadTokenEx + B 773E4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtQueryAttributesFile + 6 773E4BEA 4 Bytes [A8, 84, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtQueryAttributesFile + B 773E4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtQueryFullAttributesFile + B 773E4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtSetInformationFile + 6 773E517A 4 Bytes [28, 85, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtSetInformationFile + B 773E517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtSetInformationThread + 6 773E51CA 4 Bytes [28, 86, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtSetInformationThread + B 773E51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtUnmapViewOfSection + 6 773E546A 4 Bytes [68, 87, 44, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtUnmapViewOfSection + B 773E546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + 6 773E426A 4 Bytes [28, 60, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + B 773E426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + 6 773E49BA 4 Bytes [28, 63, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + B 773E49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + 6 773E4A4A 4 Bytes [68, 60, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + B 773E4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + 6 773E4ACA 4 Bytes [A8, 61, 2A, 00] {TEST AL, 0x61; SUB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + B 773E4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + B 773E4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + 6 773E4AEA 4 Bytes [A8, 62, 2A, 00] {TEST AL, 0x62; SUB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + B 773E4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + 6 773E4B3A 4 Bytes [68, 61, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + B 773E4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + 6 773E4B4A 4 Bytes [68, 62, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + B 773E4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + B 773E4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + 6 773E4BEA 4 Bytes [A8, 60, 2A, 00] {TEST AL, 0x60; SUB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + B 773E4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + B 773E4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + 6 773E517A 4 Bytes [28, 61, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + B 773E517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + 6 773E51CA 4 Bytes [28, 62, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + B 773E51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + 6 773E546A 4 Bytes [68, 63, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + B 773E546F 1 Byte [E2]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74307817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74345EFD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7430BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [742FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743592D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7430DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7438CB4F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7432C840] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [742FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [742F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74302AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----