GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-30 13:40:18 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541060G9AT00 rev.MB3OA60A 55,89GB Running: fbmzlksb.exe; Driver: C:\DOCUME~1\UYTKON~1\USTAWI~1\Temp\fgrdypow.sys ---- System - GMER 2.2 ---- SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwEnumerateKey [0xF76EF342] SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwEnumerateValueKey [0xF76EF3F2] SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xF76EF22A] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B0, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B3, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B0, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B1, 87, 00] {TEST AL, 0xb1; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915DCA .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B2, 87, 00] {TEST AL, 0xb2; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B1, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B2, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915E3B .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B0, 87, 00] {TEST AL, 0xb0; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915F69 .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B1, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B2, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B3, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 44, 98, 00] {SUB [EAX+EBX*4+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 47, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 44, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 45, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916E5E .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 46, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 45, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 46, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916ECF .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 44, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916FFD .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 45, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 46, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 47, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C0, 00, 01] {SUB AL, AL; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C3, 00, 01] {SUB BL, AL; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C0, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C1, 00, 01] {TEST AL, 0xc1; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D6DA .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C2, 00, 01] {TEST AL, 0xc2; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C1, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C2, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D74B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C0, 00, 01] {TEST AL, 0xc0; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D879 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C1, 00, 01] {SUB CL, AL; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C2, 00, 01] {SUB DL, AL; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C3, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, 8E, 00] {TEST AL, 0x71; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91648A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, 8E, 00] {TEST AL, 0x72; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9164FB .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, 8E, 00] {TEST AL, 0x70; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916629 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.2 ---- Device Ntfs.sys Device Fastfat.SYS Device mrxsmb.sys AttachedDevice fltMgr.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 339 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 35 ---- EOF - GMER 2.2 ----