GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-10 12:10:32 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 SAMSUNG_ rev.VT10 232,83GB Running: cpj59z9t.exe; Driver: C:\DOCUME~1\Przemek\USTAWI~1\Temp\pwtdykog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, B4, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, B7, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, B4, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, B5, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9158B0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, B6, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, B5, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, B6, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B915921 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, B4, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B915A4F .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, B5, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, B6, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, B7, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, A8, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, AB, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, A8, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, A9, 34, 00] {TEST AL, 0xa9; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B910AA4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, AA, 34, 00] {TEST AL, 0xaa; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, A9, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, AA, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B910B15 .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, A8, 34, 00] {TEST AL, 0xa8; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B910C43 .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, A9, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, AA, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, AB, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, F0, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, F3, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, F0, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, F1, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9157EC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, F2, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, F1, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, F2, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91585D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, F0, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91598B .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, F1, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, F2, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, F3, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] ---- Modules - GMER 2.1 ---- Module (noname) (*** hidden *** ) 01300000-025F0000 (19857408 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Control\Video\{0BCEDE4E-E0C1-4705-B344-E264F183C0B2}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{43FF7723-6C53-47F1-B76E-E5A8C0D1E86A}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{4A9FFD41-A68F-4A0A-83A9-ABF853F972DF}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{68A74F31-1AA2-4710-9EE8-829E1BAFF04B}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{7D6CB74A-688E-47B8-8335-A7E238146C09}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{C69BAA0C-3E98-4F45-B634-96961CDF42D7}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{F8FE9B00-FD4D-4730-9141-610F1FC912B5}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDF 0xD1 0xAD 0xC4 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDA 0xBB 0x55 0x26 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{0BCEDE4E-E0C1-4705-B344-E264F183C0B2}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{43FF7723-6C53-47F1-B76E-E5A8C0D1E86A}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{4A9FFD41-A68F-4A0A-83A9-ABF853F972DF}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{68A74F31-1AA2-4710-9EE8-829E1BAFF04B}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{7D6CB74A-688E-47B8-8335-A7E238146C09}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{C69BAA0C-3E98-4F45-B634-96961CDF42D7}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{F8FE9B00-FD4D-4730-9141-610F1FC912B5}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDF 0xD1 0xAD 0xC4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDA 0xBB 0x55 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xE8 0x1A 0x2F 0x6C ... Reg HKLM\SOFTWARE\Classes\CLSID\{81a20ec1-18f6-4526-888e-976654b1c60d}@Model 266 Reg HKLM\SOFTWARE\Classes\CLSID\{81a20ec1-18f6-4526-888e-976654b1c60d}@Therad 16 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B519DFF-A0E4-661D-5F0E-752C675C0CCD} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B519DFF-A0E4-661D-5F0E-752C675C0CCD}@lajjebmpfppfidcjiapeageb 0x64 0x62 0x6B 0x65 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B519DFF-A0E4-661D-5F0E-752C675C0CCD}@lapidpkgdaoainjglaibedfn 0x64 0x62 0x6B 0x65 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B519DFF-A0E4-661D-5F0E-752C675C0CCD}@hakknkebkhnhlpck 0x6A 0x61 0x63 0x6A ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B519DFF-A0E4-661D-5F0E-752C675C0CCD}@hakknkebfimhjmak 0x6F 0x61 0x6E 0x67 ... ---- EOF - GMER 2.1 ----