GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-25 20:02:02 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD800JB-00JJC0 rev.05.01C05 74,53GB Running: gmer.exe; Driver: C:\DOCUME~1\Dawid\USTAWI~1\Temp\pgdcapod.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF69473C0, 0x87BCBA, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 9C, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 9F, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 9C, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 9D, 8C, 00] {TEST AL, 0x9d; MOV [EAX], ES} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B916298 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 9E, 8C, 00] {TEST AL, 0x9e; MOV [EAX], ES} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 9D, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 9E, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B916309 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 9C, 8C, 00] {TEST AL, 0x9c; MOV [EAX], ES} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B916437 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 9D, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 9E, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 9F, 8C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 6C, FF, 00] {SUB [EDI+EDI*8+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 6F, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 6C, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 6D, FF, 00] {TEST AL, 0x6d; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91D568 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 6E, FF, 00] {TEST AL, 0x6e; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 6D, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 6E, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91D5D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 6C, FF, 00] {TEST AL, 0x6c; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91D707 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 6D, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 6E, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 6F, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip {9652c7a7-7363-4f0e-bf03-3b32b55ea241}Gt.sys AttachedDevice \Driver\Tcpip \Device\Tcp {9652c7a7-7363-4f0e-bf03-3b32b55ea241}Gt.sys AttachedDevice \Driver\Tcpip \Device\Udp {9652c7a7-7363-4f0e-bf03-3b32b55ea241}Gt.sys AttachedDevice \Driver\Tcpip \Device\RawIp {9652c7a7-7363-4f0e-bf03-3b32b55ea241}Gt.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{752EAFD5-D8F6-4F4D-B119-3077C399BF88}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{9A523C48-5268-494F-91D2-9AE5C49184AD}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{9BF84845-9F86-42A8-B875-086483C9764C}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{FFA87839-14FF-40C5-A3DC-C1789ED80D17}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{752EAFD5-D8F6-4F4D-B119-3077C399BF88}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{9A523C48-5268-494F-91D2-9AE5C49184AD}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{9BF84845-9F86-42A8-B875-086483C9764C}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{FFA87839-14FF-40C5-A3DC-C1789ED80D17}\0000@D3D_\x3332\x3331 2089309684 ---- EOF - GMER 2.1 ----