GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-20 16:49:30
Windows 5.1.2600 Service Pack 3
\Device\Harddisk0\DR0 -> \Device\0000005b ST3500320AS rev.SD15 465,76GB
Running: r3hnxx1q.exe; Driver: C:\DOCUME~1\ppp\USTAWI~1\Temp\uxtdypow.sys

---- System - GMER 2.1 ----

SSDT  \WINDOWS\system32\ntkrnlpa.exe  ZwCreateKey [0x804D70CC]
SSDT  \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70CC]  ZwCreateKey [0x804D70CC]
SSDT  \WINDOWS\system32\ntkrnlpa.exe  ZwOpenKey [0x804D70D1]
SSDT  \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70D1]  ZwOpenKey [0x804D70D1]

INT 0x03  \WINDOWS\system32\ntkrnlpa.exe[unknown section]  804D70D6

---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB5C363C0, 0x843A2A, 0xE8000020]
.text  C:\WINDOWS\system32\DRIVERS\aksfridge.sys  section is writeable [0xB20A6000, 0x49C57, 0xE0000020]
.init  C:\WINDOWS\system32\DRIVERS\aksfridge.sys  entry point in ".init" section [0xB20FD224]
.init  C:\WINDOWS\system32\DRIVERS\aksfridge.sys  unknown last code section [0xB20FD000, 0x4000, 0xE20000E0]
.text  C:\WINDOWS\system32\drivers\hardlock.sys  section is writeable [0xB1FED400, 0x6EED8, 0xE8000020]
.protect  C:\WINDOWS\system32\drivers\hardlock.sys  entry point in ".protect" section [0xB2078020]
.protect  C:\WINDOWS\system32\drivers\hardlock.sys  unknown last code section [0xB2077E00, 0x50BA, 0xE0000020]
?  C:\WINDOWS\system32\drivers\IOMap.sys  The system cannot find the file specified. !
---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtCreateFile + 6  7C90D0B4  4 Bytes  [28, 90, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtCreateFile + B  7C90D0B9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtMapViewOfSection + 6  7C90D524  4 Bytes  [28, 93, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtMapViewOfSection + B  7C90D529  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenFile + 6  7C90D5A4  4 Bytes  [68, 90, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenFile + B  7C90D5A9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenProcess + 6  7C90D604  4 Bytes  [A8, 91, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenProcess + B  7C90D609  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenProcessToken + 6  7C90D614  4 Bytes  CALL 7B91CEAA
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenProcessToken + B  7C90D619  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624  4 Bytes  [A8, 92, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenThread + 6  7C90D664  4 Bytes  [68, 91, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenThread + B  7C90D669  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenThreadToken + 6  7C90D674  4 Bytes  [68, 92, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenThreadToken + B  7C90D679  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684  4 Bytes  CALL 7B91CF1B
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714  4 Bytes  [A8, 90, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtQueryAttributesFile + B  7C90D719  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4  4 Bytes  CALL 7B91D049
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtSetInformationFile + 6  7C90DC64  4 Bytes  [28, 91, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtSetInformationFile + B  7C90DC69  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4  4 Bytes  [28, 92, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtSetInformationThread + B  7C90DCB9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14  4 Bytes  [68, 93, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtCreateFile + 6  7C90D0B4  4 Bytes  [28, D0, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtCreateFile + B  7C90D0B9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtMapViewOfSection + 6  7C90D524  4 Bytes  [28, D3, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtMapViewOfSection + B  7C90D529  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenFile + 6  7C90D5A4  4 Bytes  [68, D0, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenFile + B  7C90D5A9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenProcess + 6  7C90D604  4 Bytes  [A8, D1, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenProcess + B  7C90D609  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenProcessToken + 6  7C90D614  4 Bytes  CALL 7B91D2EA
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenProcessToken + B  7C90D619  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624  4 Bytes  [A8, D2, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenThread + 6  7C90D664  4 Bytes  [68, D1, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenThread + B  7C90D669  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenThreadToken + 6  7C90D674  4 Bytes  [68, D2, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenThreadToken + B  7C90D679  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684  4 Bytes  CALL 7B91D35B
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714  4 Bytes  [A8, D0, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtQueryAttributesFile + B  7C90D719  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4  4 Bytes  CALL 7B91D489
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtSetInformationFile + 6  7C90DC64  4 Bytes  [28, D1, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtSetInformationFile + B  7C90DC69  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4  4 Bytes  [28, D2, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtSetInformationThread + B  7C90DCB9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14  4 Bytes  [68, D3, FC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1628]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtCreateFile + 6  7C90D0B4  4 Bytes  [28, 0C, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtCreateFile + B  7C90D0B9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtMapViewOfSection + 6  7C90D524  4 Bytes  [28, 0F, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtMapViewOfSection + B  7C90D529  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenFile + 6  7C90D5A4  4 Bytes  [68, 0C, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenFile + B  7C90D5A9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenProcess + 6  7C90D604  4 Bytes  [A8, 0D, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenProcess + B  7C90D609  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenProcessToken + 6  7C90D614  4 Bytes  CALL 7B91C226
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenProcessToken + B  7C90D619  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624  4 Bytes  [A8, 0E, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenThread + 6  7C90D664  4 Bytes  [68, 0D, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenThread + B  7C90D669  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenThreadToken + 6  7C90D674  4 Bytes  [68, 0E, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenThreadToken + B  7C90D679  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684  4 Bytes  CALL 7B91C297
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714  4 Bytes  [A8, 0C, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtQueryAttributesFile + B  7C90D719  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4  4 Bytes  CALL 7B91C3C5
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtSetInformationFile + 6  7C90DC64  4 Bytes  [28, 0D, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtSetInformationFile + B  7C90DC69  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4  4 Bytes  [28, 0E, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtSetInformationThread + B  7C90DCB9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14  4 Bytes  [68, 0F, EC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2812]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtCreateFile + 6  7C90D0B4  4 Bytes  [28, 7C, 59, 00] {SUB [ECX+EBX*2+0x0], BH}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtCreateFile + B  7C90D0B9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtMapViewOfSection + 6  7C90D524  4 Bytes  [28, 7F, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtMapViewOfSection + B  7C90D529  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenFile + 6  7C90D5A4  4 Bytes  [68, 7C, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenFile + B  7C90D5A9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenProcess + 6  7C90D604  4 Bytes  [A8, 7D, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenProcess + B  7C90D609  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenProcessToken + 6  7C90D614  4 Bytes  CALL 7B912F96
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenProcessToken + B  7C90D619  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624  4 Bytes  [A8, 7E, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenProcessTokenEx + B  7C90D629  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenThread + 6  7C90D664  4 Bytes  [68, 7D, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenThread + B  7C90D669  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenThreadToken + 6  7C90D674  4 Bytes  [68, 7E, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenThreadToken + B  7C90D679  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684  4 Bytes  CALL 7B913007
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtOpenThreadTokenEx + B  7C90D689  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtQueryAttributesFile + 6  7C90D714  4 Bytes  [A8, 7C, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtQueryAttributesFile + B  7C90D719  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4  4 Bytes  CALL 7B913135
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtSetInformationFile + 6  7C90DC64  4 Bytes  [28, 7D, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtSetInformationFile + B  7C90DC69  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtSetInformationThread + 6  7C90DCB4  4 Bytes  [28, 7E, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtSetInformationThread + B  7C90DCB9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14  4 Bytes  [68, 7F, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtUnmapViewOfSection + B  7C90DF19  1 Byte  [E2]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys

---- EOF - GMER 2.1 ----
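Decoding what the "User code sections" entries above actually write, as an added example (not part of the posted log, and not GMER's own code). It assumes the Windows XP 32-bit ntdll Nt* stub layout (mov eax, N / mov edx, 7FFE0300h / call [edx] / ret), so that a 4-byte write at +6 replaces the operand of mov edx and the 1-byte write of E2 at +B turns FF 12 (call [edx]) into FF E2 (jmp edx). It also undoes GMER's "CALL xxxxxxxx" rendering, which appears whenever the first patched byte happens to be E8 and GMER disassembles it together with the untouched FF at +A. The input is a constructed subset of the entries above.

```python
"""Decode GMER 2.1 user-mode hook entries into the stub they produce.

Assumed XP SP3 ntdll.dll Nt* stub (32-bit):
    +0  B8 imm32        mov eax, <syscall number>
    +5  BA 00 03 FE 7F  mov edx, 7FFE0300h    ; KUSER_SHARED_DATA.SystemCall
    +A  FF 12           call [edx]
    +C  C2 imm16        ret imm16
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log above, one of each form GMER prints.
SAMPLE = r"""
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtCreateFile + 6  7C90D0B4  4 Bytes  [28, 90, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtCreateFile + B  7C90D0B9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenProcess + 6  7C90D604  4 Bytes  [A8, 91, F8, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenProcess + B  7C90D609  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenProcessToken + 6  7C90D614  4 Bytes  CALL 7B91CEAA
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtOpenProcessToken + B  7C90D619  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4  4 Bytes  CALL 7B91D049
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[180]  ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9  1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtCreateFile + 6  7C90D0B4  4 Bytes  [28, 7C, 59, 00] {SUB [ECX+EBX*2+0x0], BH}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3892]  ntdll.dll!NtCreateFile + B  7C90D0B9  1 Byte  [E2]
"""

LINE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)\s*\+\s*(?P<off>[0-9A-F]+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?P<patch>\[[^\]]*\]|CALL\s+[0-9A-F]{8})",
    re.IGNORECASE,
)

STUB_STRIDE = 0x40  # spacing observed between the per-function thunks in the log


def patch_bytes(addr, patch):
    """Return the raw bytes GMER found at addr, undoing its CALL rendering."""
    if patch.startswith("["):
        return bytes(int(b, 16) for b in patch.strip("[]").split(","))
    # GMER disassembled E8 <3 patched bytes> <unpatched FF at +A> as "CALL target".
    target = int(patch.split()[1], 16)
    rel32 = (target - (addr + 5)) & 0xFFFFFFFF
    le = rel32.to_bytes(4, "little")
    if le[3] != 0xFF:
        raise ValueError("CALL rendering does not overlap the stub as assumed")
    return b"\xE8" + le[:3]


def parse_hooks(text):
    """Map (pid, function) -> {offset_in_stub: patched bytes}."""
    hooks = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            key = (int(m["pid"]), m["func"])
            hooks[key][int(m["off"], 16)] = patch_bytes(int(m["addr"], 16), m["patch"])
    return hooks


def analyse(hooks):
    """Per process: thunk-table base, whether all thunks share one 0x40 stride,
    whether every +B patch is E2 (jmp edx), and the rewritten stub per function."""
    per_pid = defaultdict(list)
    for (pid, func), patches in hooks.items():
        ptr = int.from_bytes(patches[6], "little") if 6 in patches else None
        per_pid[pid].append((func, ptr, patches.get(0xB) == b"\xE2"))
    report = {}
    for pid, items in per_pid.items():
        ptrs = sorted(p for _, p, _ in items if p is not None)
        base = ptrs[0]
        report[pid] = {
            "base": base,
            "count": len(ptrs),
            "uniform_stride": all((p - base) % STUB_STRIDE == 0 for p in ptrs),
            "all_jmp_edx": all(j for _, _, j in items),
            "stubs": {f: f"mov edx, {p:#010x} ; jmp edx" for f, p, _ in items if p},
        }
    return report


if __name__ == "__main__":
    for pid, r in sorted(analyse(parse_hooks(SAMPLE)).items()):
        print(f"chrome.exe[{pid}]: {r['count']} hooks, thunk block at {r['base']:#010x}, "
              f"0x40 stride={r['uniform_stride']}, all jmp edx={r['all_jmp_edx']}")
        for func, stub in sorted(r["stubs"].items()):
            print(f"  {func:<26} -> {stub}")
```

Run over the full log, every one of the four chrome.exe processes resolves to the same picture: 14 hooked ntdll exports, each redirected with mov edx, thunk / jmp edx into a private block of 0x40-byte thunks (0x00F89028.. for PID 180, 0x00FCD028.. for 1628, 0x00EC0C28.. for 2812, 0x00597C28.. for 3892). That is the shape of a deliberately installed in-process interception layer rather than scattered tampering, and Chrome's sandbox patches exactly these ntdll entry points in its child processes. The log alone cannot tell that apart from a third-party hook, so check which module owns the thunk pages (and whether every other process on the box is clean) before treating these entries as an infection.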