GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-01-31 18:01:58 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2120AT_PL rev.000000A0 111,79GB Running: fk8prmtl.exe; Driver: C:\DOCUME~1\Dominik\LOCALS~1\Temp\uftdqpog.sys ---- User code sections - GMER 2.1 ---- CODE C:\Documents and Settings\Dominik\Application Data\System32\svchost.exe[756] C:\Documents and Settings\Dominik\Application Data\System32\svchost.exe entry point in "CODE" section [0x00419BC4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 34, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 37, 7B, 00] {SUB [EDI], DH; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 34, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 35, 7B, 00] {TEST AL, 0x35; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91514E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 36, 7B, 00] {TEST AL, 0x36; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 35, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 36, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9151BF .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 34, 7B, 00] {TEST AL, 0x34; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9152ED .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 35, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 36, 7B, 00] {SUB [ESI], DH; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 37, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 4C, CD, 00] {SUB [EBP+ECX*8+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4F, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 4C, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 4D, CD, 00] {TEST AL, 0x4d; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A366 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4E, CD, 00] {TEST AL, 0x4e; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 4D, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4E, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A3D7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 4C, CD, 00] {TEST AL, 0x4c; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A505 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 4D, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4E, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4F, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B4, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B7, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B4, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B5, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9156CE .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B6, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B5, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B6, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91573F .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B4, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91586D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B5, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B6, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B7, 80, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3352] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVol.sys AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVolUp.sys ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----