GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-24 20:46:23 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AA 232,89GB Running: 0l9l9sid.exe; Driver: C:\DOCUME~1\ADMIN\USTAWI~1\Temp\axtdrpod.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8749000, 0x189F82, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 016E6E2C C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 016E6CC7 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 016E6EAD C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 016E6BA3 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 016E6BEC C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 016E6C35 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 016E6C7E C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10001F42 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\mozglue.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 016AEE7B C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 016AEEC3 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 0268E562 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 0206662C C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1168] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 016AEEEA C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1932] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 014CF149 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1932] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 014CF1BA C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1932] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 014D312E C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[1932] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 014CC8F9 C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912ADE .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B4F .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912C7D .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, 54, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B4, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B7, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B4, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B5, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9131CE .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B6, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B5, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B6, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91323F .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B4, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91336D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B5, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B6, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B7, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 3C, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 3F, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 3C, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 3D, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CF56 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 3E, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 3D, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 3E, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CFC7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 3C, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D0F5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 3D, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 3E, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 3F, F9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4048] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- EOF - GMER 2.1 ----