GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-11-26 16:52:40 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725016A9A362 rev.PCBOC70E 149,05GB Running: tgtscowd.exe; Driver: C:\Users\Lenovo\AppData\Local\Temp\kfrdapow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C7FA35 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB9392 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91234000, 0x147288, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3088] USER32.dll!RegisterMessagePumpHook + 2F1 76088B9E 7 Bytes JMP 1003B000 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3088] USER32.dll!PostMessageW + 43A 760948B5 7 Bytes JMP 1003AC50 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3088] USER32.dll!SetDlgItemTextA + 25 760A709F 7 Bytes JMP 1003ABC0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3088] USER32.dll!MessageBoxIndirectA + F5 760DE95E 7 Bytes JMP 1003AF50 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3088] USER32.dll!MessageBoxIndirectW + 61 760DE9C4 7 Bytes JMP 1003ADF0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3088] USER32.dll!MessageBoxExA + 1F 760DE9E8 7 Bytes JMP 1003AF00 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtMapViewOfSection + 6 77335C6E 4 Bytes [18, 20, 25, 6C] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3136] ntdll.dll!NtMapViewOfSection + B 77335C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtCreateFile + 6 7733560E 4 Bytes [28, F0, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtCreateFile + B 77335613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtMapViewOfSection + 6 77335C6E 4 Bytes [28, F3, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtMapViewOfSection + B 77335C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenFile + 6 77335D1E 4 Bytes [68, F0, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenFile + B 77335D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenProcess + 6 77335DCE 4 Bytes [A8, F1, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenProcess + B 77335DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenProcessToken + B 77335DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenProcessTokenEx + 6 77335DEE 4 Bytes [A8, F2, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenProcessTokenEx + B 77335DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenThread + 6 77335E4E 4 Bytes [68, F1, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenThread + B 77335E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenThreadToken + 6 77335E5E 4 Bytes [68, F2, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenThreadToken + B 77335E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenThreadTokenEx + B 77335E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtQueryAttributesFile + 6 77335F7E 4 Bytes [A8, F0, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtQueryAttributesFile + B 77335F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtQueryFullAttributesFile + B 77336033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtSetInformationFile + 6 7733667E 4 Bytes [28, F1, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtSetInformationFile + B 77336683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtSetInformationThread + 6 773366DE 4 Bytes [28, F2, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtSetInformationThread + B 773366E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtTerminateProcess 77336908 3 Bytes JMP 0133DE79 C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtTerminateProcess + 4 7733690C 1 Byte [8A] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtUnmapViewOfSection + 6 773369FE 4 Bytes [68, F3, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtUnmapViewOfSection + B 77336A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtCreateFile + 6 7733560E 4 Bytes [28, B0, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtCreateFile + B 77335613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtMapViewOfSection + 6 77335C6E 4 Bytes [28, B3, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtMapViewOfSection + B 77335C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenFile + 6 77335D1E 4 Bytes [68, B0, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenFile + B 77335D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcess + 6 77335DCE 4 Bytes [A8, B1, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcess + B 77335DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessToken + B 77335DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessTokenEx + 6 77335DEE 4 Bytes [A8, B2, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessTokenEx + B 77335DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThread + 6 77335E4E 4 Bytes [68, B1, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThread + B 77335E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadToken + 6 77335E5E 4 Bytes [68, B2, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadToken + B 77335E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadTokenEx + B 77335E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryAttributesFile + 6 77335F7E 4 Bytes [A8, B0, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryAttributesFile + B 77335F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryFullAttributesFile + B 77336033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationFile + 6 7733667E 4 Bytes [28, B1, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationFile + B 77336683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationThread + 6 773366DE 4 Bytes [28, B2, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationThread + B 773366E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtTerminateProcess 77336908 3 Bytes JMP 0133DE79 C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtTerminateProcess + 4 7733690C 1 Byte [8A] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtUnmapViewOfSection + 6 773369FE 4 Bytes [68, B3, 2E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtUnmapViewOfSection + B 77336A03 1 Byte [E2] .text C:\Program Files\Maxthon\Bin\Maxthon.exe[5176] kernel32.dll!GetTickCount + 7 75F9C347 6 Bytes JMP 5EBE2CD0 C:\Users\Lenovo\AppData\Roaming\Maxthon3\Public\VodCtrl\MxVodCtrl.dll .text C:\Program Files\Maxthon\Bin\Maxthon.exe[5176] kernel32.dll!QueryPerformanceCounter 75F9C4D2 5 Bytes JMP 5EBE2D00 C:\Users\Lenovo\AppData\Roaming\Maxthon3\Public\VodCtrl\MxVodCtrl.dll .text C:\Program Files\Maxthon\Bin\Maxthon.exe[5176] kernel32.dll!GetSystemTime 75F9EB01 5 Bytes JMP 5EBE2AE0 C:\Users\Lenovo\AppData\Roaming\Maxthon3\Public\VodCtrl\MxVodCtrl.dll .text C:\Program Files\Maxthon\Bin\Maxthon.exe[5176] ole32.dll!CoCreateInstance 761A9D0B 5 Bytes JMP 5EBE29D0 C:\Users\Lenovo\AppData\Roaming\Maxthon3\Public\VodCtrl\MxVodCtrl.dll ---- EOF - GMER 2.1 ----