GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-31 22:45:47
Windows 6.0.6002 Service Pack 2
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD501LJ rev.CR100-13 465,76GB
Running: 4i2w6hz1.exe; Driver: C:\Users\Kopacze\AppData\Local\Temp\fxldapod.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\DRIVERS\atikmdag.sys   section is writeable [0x8C206000, 0x147F58, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1940] kernel32.dll!SetUnhandledExceptionFilter   7576A8B5 4 Bytes  [C2, 04, 00, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtCreateFile + 6   770E424A 4 Bytes  [28, 30, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtCreateFile + B   770E424F 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtMapViewOfSection + 6   770E499A 4 Bytes  [28, 33, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtMapViewOfSection + B   770E499F 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenFile + 6   770E4A2A 4 Bytes  [68, 30, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenFile + B   770E4A2F 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenProcess + 6   770E4AAA 4 Bytes  [A8, 31, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenProcess + B   770E4AAF 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenProcessToken + B   770E4ABF 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenProcessTokenEx + 6   770E4ACA 4 Bytes  [A8, 32, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenProcessTokenEx + B   770E4ACF 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenThread + 6   770E4B1A 4 Bytes  [68, 31, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenThread + B   770E4B1F 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenThreadToken + 6   770E4B2A 4 Bytes  [68, 32, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenThreadToken + B   770E4B2F 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenThreadTokenEx + B   770E4B3F 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtQueryAttributesFile + 6   770E4BCA 4 Bytes  [A8, 30, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtQueryAttributesFile + B   770E4BCF 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtQueryFullAttributesFile + B   770E4C7F 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtSetInformationFile + 6   770E515A 4 Bytes  [28, 31, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtSetInformationFile + B   770E515F 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtSetInformationThread + 6   770E51AA 4 Bytes  [28, 32, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtSetInformationThread + B   770E51AF 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtUnmapViewOfSection + 6   770E544A 4 Bytes  [68, 33, 98, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtUnmapViewOfSection + B   770E544F 1 Byte  [E2]

---- User IAT/EAT - GMER 2.1 ----

IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]   [73E97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]   [73EDB4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]   [73E9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]   [73E8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]   [73E975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]   [73E8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]   [73EC73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]   [73E9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]   [73E8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]   [73E8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]   [73E871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]   [73F1CB00] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]   [73EBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]   [73E8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]   [73E86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]   [73E8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]   [73E92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice   \FileSystem\Ntfs \Ntfs   eamon.sys
AttachedDevice   \Driver\tdx \Device\Tcp   epfwtdir.sys
AttachedDevice   \FileSystem\fastfat \Fat   fltmgr.sys
AttachedDevice   \FileSystem\fastfat \Fat   eamon.sys

---- Files - GMER 2.1 ----

File   C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui   40960 bytes executable
File   C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui   18944 bytes executable
File   C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui   61440 bytes executable
File   C:\Program Files\Windows Defender\pl-PL\MpAsDesc.dll.mui   49152 bytes executable
File   C:\Program Files\Windows Defender\pl-PL\MpEvMsg.dll.mui   23552 bytes executable
File   C:\Program Files\Windows Defender\pl-PL\MsMpRes.dll.mui   69632 bytes executable

---- EOF - GMER 2.1 ----