GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-11 19:51:00 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST320LT012-1DG14C rev.0001SDM1 298,09GB Running: mbb8w8bu.exe; Driver: C:\Users\Asus\AppData\Local\Temp\aftcqaoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x8F93F7F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x8F93F8B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x8F93F870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x8F93F830] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495 828909E5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828CA312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 828D1688 4 Bytes [F0, F7, 93, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 828D1798 4 Bytes [B0, F8, 93, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 161F 828D1AA4 4 Bytes [70, F8, 93, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 828D1AEC 4 Bytes [30, F8, 93, 8F] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe[1584] kernel32.dll!SetUnhandledExceptionFilter 7656F5AB 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtCreateFile + 6 77D8560E 4 Bytes [28, 84, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtCreateFile + B 77D85613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtMapViewOfSection + 6 77D85C6E 4 Bytes [28, 87, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtMapViewOfSection + B 77D85C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenFile + 6 77D85D1E 4 Bytes [68, 84, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenFile + B 77D85D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcess + 6 77D85DCE 4 Bytes [A8, 85, 7B, 00] {TEST AL, 0x85; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcess + B 77D85DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcessToken + 6 77D85DDE 4 Bytes CALL 76D8D968 C:\Windows\system32\WININET.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcessToken + B 77D85DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcessTokenEx + 6 77D85DEE 4 Bytes [A8, 86, 7B, 00] {TEST AL, 0x86; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcessTokenEx + B 77D85DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThread + 6 77D85E4E 4 Bytes [68, 85, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThread + B 77D85E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThreadToken + 6 77D85E5E 4 Bytes [68, 86, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThreadToken + B 77D85E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThreadTokenEx + 6 77D85E6E 4 Bytes CALL 76D8D9F9 C:\Windows\system32\WININET.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThreadTokenEx + B 77D85E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtQueryAttributesFile + 6 77D85F7E 4 Bytes [A8, 84, 7B, 00] {TEST AL, 0x84; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtQueryAttributesFile + B 77D85F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtQueryFullAttributesFile + 6 77D8602E 4 Bytes CALL 76D8DBB7 C:\Windows\system32\WININET.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtQueryFullAttributesFile + B 77D86033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtSetInformationFile + 6 77D8667E 4 Bytes [28, 85, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtSetInformationFile + B 77D86683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtSetInformationThread + 6 77D866DE 4 Bytes [28, 86, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtSetInformationThread + B 77D866E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtUnmapViewOfSection + 6 77D869FE 4 Bytes [68, 87, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtUnmapViewOfSection + B 77D86A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtMapViewOfSection + 6 77D85C6E 4 Bytes [18, 20, 1A, 6E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2220] ntdll.dll!NtMapViewOfSection + B 77D85C73 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download@LastSuccessTime 2015-02-11 18:17:48 ---- EOF - GMER 2.1 ----