GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-09 00:19:11
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2080BH rev.0085002A 73,13GB
Running: idb5uktf.exe; Driver: C:\DOCUME~1\Ania\USTAWI~1\Temp\axrdqpob.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xF6F48000, 0x1C5D58, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtCreateFile + 6  7C90D096 4 Bytes  [28, 80, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtCreateFile + B  7C90D09B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtMapViewOfSection + 6  7C90D506 4 Bytes  [28, 83, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtMapViewOfSection + B  7C90D50B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenFile + 6  7C90D586 4 Bytes  [68, 80, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenFile + B  7C90D58B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenProcess + 6  7C90D5E6 4 Bytes  [A8, 81, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenProcess + B  7C90D5EB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenProcessToken + 6  7C90D5F6 4 Bytes  CALL 7B91727C
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenProcessToken + B  7C90D5FB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenProcessTokenEx + 6  7C90D606 4 Bytes  [A8, 82, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenProcessTokenEx + B  7C90D60B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenThread + 6  7C90D646 4 Bytes  [68, 81, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenThread + B  7C90D64B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenThreadToken + 6  7C90D656 4 Bytes  [68, 82, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenThreadToken + B  7C90D65B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenThreadTokenEx + 6  7C90D666 4 Bytes  CALL 7B9172ED
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtOpenThreadTokenEx + B  7C90D66B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtQueryAttributesFile + 6  7C90D6F6 4 Bytes  [A8, 80, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtQueryAttributesFile + B  7C90D6FB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D796 4 Bytes  CALL 7B91741B
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtQueryFullAttributesFile + B  7C90D79B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtSetInformationFile + 6  7C90DC46 4 Bytes  [28, 81, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtSetInformationFile + B  7C90DC4B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtSetInformationThread + 6  7C90DC96 4 Bytes  [28, 82, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtSetInformationThread + B  7C90DC9B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtUnmapViewOfSection + 6  7C90DEF6 4 Bytes  [68, 83, 9C, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[816] ntdll.dll!NtUnmapViewOfSection + B  7C90DEFB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtCreateFile + 6  7C90D096 4 Bytes  [28, D4, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtCreateFile + B  7C90D09B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtMapViewOfSection + 6  7C90D506 4 Bytes  [28, D7, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtMapViewOfSection + B  7C90D50B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenFile + 6  7C90D586 4 Bytes  [68, D4, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenFile + B  7C90D58B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcess + 6  7C90D5E6 4 Bytes  [A8, D5, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcess + B  7C90D5EB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessToken + 6  7C90D5F6 4 Bytes  CALL 7B9141D0
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessToken + B  7C90D5FB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessTokenEx + 6  7C90D606 4 Bytes  [A8, D6, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessTokenEx + B  7C90D60B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThread + 6  7C90D646 4 Bytes  [68, D5, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThread + B  7C90D64B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadToken + 6  7C90D656 4 Bytes  [68, D6, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadToken + B  7C90D65B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadTokenEx + 6  7C90D666 4 Bytes  CALL 7B914241
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadTokenEx + B  7C90D66B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryAttributesFile + 6  7C90D6F6 4 Bytes  [A8, D4, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryAttributesFile + B  7C90D6FB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D796 4 Bytes  CALL 7B91436F
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryFullAttributesFile + B  7C90D79B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationFile + 6  7C90DC46 4 Bytes  [28, D5, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationFile + B  7C90DC4B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationThread + 6  7C90DC96 4 Bytes  [28, D6, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationThread + B  7C90DC9B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtUnmapViewOfSection + 6  7C90DEF6 4 Bytes  [68, D7, 6B, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtUnmapViewOfSection + B  7C90DEFB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtCreateFile + 6  7C90D096 2 Bytes  [28, 1C]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtCreateFile + 9  7C90D099 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtCreateFile + 9  7C90D099 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtMapViewOfSection + 6  7C90D506 2 Bytes  [28, 1F] {SUB [EDI], BL}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtMapViewOfSection + 9  7C90D509 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtMapViewOfSection + 9  7C90D509 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenFile + 6  7C90D586 2 Bytes  [68, 1C]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenFile + 9  7C90D589 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenFile + 9  7C90D589 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcess + 6  7C90D5E6 2 Bytes  [A8, 1D] {TEST AL, 0x1d}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcess + 9  7C90D5E9 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcess + 9  7C90D5E9 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessToken + 6  7C90D5F6 2 Bytes  CALL 7B91D418
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessToken + 9  7C90D5F9 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessToken + 9  7C90D5F9 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessTokenEx + 6  7C90D606 2 Bytes  [A8, 1E] {TEST AL, 0x1e}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessTokenEx + 9  7C90D609 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessTokenEx + 9  7C90D609 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThread + 6  7C90D646 2 Bytes  [68, 1D]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThread + 9  7C90D649 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThread + 9  7C90D649 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadToken + 6  7C90D656 2 Bytes  [68, 1E]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadToken + 9  7C90D659 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadToken + 9  7C90D659 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadTokenEx + 6  7C90D666 2 Bytes  CALL 7B91D489
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadTokenEx + 9  7C90D669 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadTokenEx + 9  7C90D669 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryAttributesFile + 6  7C90D6F6 2 Bytes  [A8, 1C] {TEST AL, 0x1c}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryAttributesFile + 9  7C90D6F9 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryAttributesFile + 9  7C90D6F9 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D796 2 Bytes  CALL 7B91D5B7
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryFullAttributesFile + 9  7C90D799 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryFullAttributesFile + 9  7C90D799 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationFile + 6  7C90DC46 2 Bytes  [28, 1D]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationFile + 9  7C90DC49 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationFile + 9  7C90DC49 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationThread + 6  7C90DC96 2 Bytes  [28, 1E] {SUB [ESI], BL}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationThread + 9  7C90DC99 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationThread + 9  7C90DC99 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtUnmapViewOfSection + 6  7C90DEF6 2 Bytes  [68, 1F]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtUnmapViewOfSection + 9  7C90DEF9 1 Byte  [00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtUnmapViewOfSection + 9  7C90DEF9 3 Bytes  [00, FF, E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtCreateFile + 6  7C90D096 4 Bytes  [28, 18, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtCreateFile + B  7C90D09B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtMapViewOfSection + 6  7C90D506 4 Bytes  [28, 1B, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtMapViewOfSection + B  7C90D50B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenFile + 6  7C90D586 4 Bytes  [68, 18, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenFile + B  7C90D58B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcess + 6  7C90D5E6 4 Bytes  [A8, 19, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcess + B  7C90D5EB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessToken + 6  7C90D5F6 4 Bytes  CALL 7B913314
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessToken + B  7C90D5FB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessTokenEx + 6  7C90D606 4 Bytes  [A8, 1A, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessTokenEx + B  7C90D60B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThread + 6  7C90D646 4 Bytes  [68, 19, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThread + B  7C90D64B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadToken + 6  7C90D656 4 Bytes  [68, 1A, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadToken + B  7C90D65B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadTokenEx + 6  7C90D666 4 Bytes  CALL 7B913385
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadTokenEx + B  7C90D66B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryAttributesFile + 6  7C90D6F6 4 Bytes  [A8, 18, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryAttributesFile + B  7C90D6FB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D796 4 Bytes  CALL 7B9134B3
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryFullAttributesFile + B  7C90D79B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationFile + 6  7C90DC46 4 Bytes  [28, 19, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationFile + B  7C90DC4B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationThread + 6  7C90DC96 4 Bytes  [28, 1A, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationThread + B  7C90DC9B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtUnmapViewOfSection + 6  7C90DEF6 4 Bytes  [68, 1B, 5D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtUnmapViewOfSection + B  7C90DEFB 1 Byte  [E2]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c6763bee
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0010c6763bee (not active ControlSet)

---- EOF - GMER 2.1 ----