GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-25 10:18:13
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB
Running: j2663huy.exe; Driver: C:\Users\Szkola\AppData\Local\Temp\fwrdipow.sys

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D  81E47A15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  81E81212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

ÒuÛŠëÔÿÿÿÿwinlogon  C:\Users\Szkola\AppData\Local\winlogon.exe[1568]  entry point in "" section [0x0042E238]
ÒuÛŠëÔÿÿÿÿwinlogon  C:\Users\Szkola\AppData\Local\winlogon.exe[1568]  unknown last code section [0x00424000, 0x19000, 0xC00000E0]
ÒuÛŠëÔÿÿÿÿservices  C:\Users\Szkola\AppData\Local\services.exe[1760]  entry point in "" section [0x0042E238]
ÒuÛŠëÔÿÿÿÿservices  C:\Users\Szkola\AppData\Local\services.exe[1760]  unknown last code section [0x00424000, 0x19000, 0xC00000E0]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtCreateFile + 6  774C560E 4 Bytes  [28, 40, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtCreateFile + B  774C5613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtMapViewOfSection + 6  774C5C6E 4 Bytes  [28, 43, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtMapViewOfSection + B  774C5C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenFile + 6  774C5D1E 4 Bytes  [68, 40, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenFile + B  774C5D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcess + 6  774C5DCE 4 Bytes  [A8, 41, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcess + B  774C5DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcessToken + B  774C5DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcessTokenEx + 6  774C5DEE 4 Bytes  [A8, 42, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcessTokenEx + B  774C5DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThread + 6  774C5E4E 4 Bytes  [68, 41, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThread + B  774C5E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThreadToken + 6  774C5E5E 4 Bytes  [68, 42, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThreadToken + B  774C5E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThreadTokenEx + B  774C5E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtQueryAttributesFile + 6  774C5F7E 4 Bytes  [A8, 40, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtQueryAttributesFile + B  774C5F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtQueryFullAttributesFile + B  774C6033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtSetInformationFile + 6  774C667E 4 Bytes  [28, 41, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtSetInformationFile + B  774C6683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtSetInformationThread + 6  774C66DE 4 Bytes  [28, 42, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtSetInformationThread + B  774C66E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtUnmapViewOfSection + 6  774C69FE 4 Bytes  [68, 43, 4E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtUnmapViewOfSection + B  774C6A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2016] ntdll.dll!NtMapViewOfSection + 6  774C5C6E 4 Bytes  [18, 20, DA, 71]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2016] ntdll.dll!NtMapViewOfSection + B  774C5C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtCreateFile + 6  774C560E 4 Bytes  [28, 8C, DF, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtCreateFile + B  774C5613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtMapViewOfSection + 6  774C5C6E 4 Bytes  [28, 8F, DF, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtMapViewOfSection + B  774C5C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenFile + 6  774C5D1E 4 Bytes  [68, 8C, DF, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenFile + B  774C5D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcess + 6  774C5DCE 4 Bytes  [A8, 8D, DF, 00] {TEST AL, 0x8d; FILD WORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcess + B  774C5DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessToken + B  774C5DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessTokenEx + 6  774C5DEE 4 Bytes  [A8, 8E, DF, 00] {TEST AL, 0x8e; FILD WORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessTokenEx + B  774C5DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThread + 6  774C5E4E 4 Bytes  [68, 8D, DF, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThread + B  774C5E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadToken + 6  774C5E5E 4 Bytes  [68, 8E, DF, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadToken + B  774C5E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadTokenEx + B  774C5E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryAttributesFile + 6  774C5F7E 4 Bytes  [A8, 8C, DF, 00] {TEST AL, 0x8c; FILD WORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryAttributesFile + B  774C5F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryFullAttributesFile + B  774C6033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationFile + 6  774C667E 4 Bytes  [28, 8D, DF, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationFile + B  774C6683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationThread + 6  774C66DE 4 Bytes  [28, 8E, DF, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationThread + B  774C66E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtUnmapViewOfSection + 6  774C69FE 4 Bytes  [68, 8F, DF, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtUnmapViewOfSection + B  774C6A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtCreateFile + 6  774C560E 4 Bytes  [28, 28, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtCreateFile + B  774C5613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtMapViewOfSection + 6  774C5C6E 4 Bytes  [28, 2B, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtMapViewOfSection + B  774C5C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenFile + 6  774C5D1E 4 Bytes  [68, 28, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenFile + B  774C5D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenProcess + 6  774C5DCE 4 Bytes  [A8, 29, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenProcess + B  774C5DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenProcessToken + B  774C5DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenProcessTokenEx + 6  774C5DEE 4 Bytes  [A8, 2A, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenProcessTokenEx + B  774C5DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenThread + 6  774C5E4E 4 Bytes  [68, 29, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenThread + B  774C5E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenThreadToken + 6  774C5E5E 4 Bytes  [68, 2A, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenThreadToken + B  774C5E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtOpenThreadTokenEx + B  774C5E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtQueryAttributesFile + 6  774C5F7E 4 Bytes  [A8, 28, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtQueryAttributesFile + B  774C5F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtQueryFullAttributesFile + B  774C6033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtSetInformationFile + 6  774C667E 4 Bytes  [28, 29, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtSetInformationFile + B  774C6683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtSetInformationThread + 6  774C66DE 4 Bytes  [28, 2A, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtSetInformationThread + B  774C66E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtUnmapViewOfSection + 6  774C69FE 4 Bytes  [68, 2B, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2584] ntdll.dll!NtUnmapViewOfSection + B  774C6A03 1 Byte  [E2]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys

---- Files - GMER 2.1 ----

File  C:\Windows\Temp\TMP00000014EC5EDC9608166BD9  0 bytes

---- EOF - GMER 2.1 ----