GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-26 17:48:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: gmer.exe; Driver: C:\Users\Maciek\AppData\Local\Temp\kwrdrpog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2524] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d71530 16 bytes [50, 48, B8, D0, 34, 39, F8, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d71380 16 bytes [50, 48, B8, 28, D6, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d714f0 16 bytes [50, 48, B8, 80, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d71510 48 bytes [50, 48, B8, FC, D4, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d71550 16 bytes [50, 48, B8, 4C, D6, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d715a0 32 bytes [50, 48, B8, A4, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d715e0 16 bytes [50, 48, B8, 8C, D4, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d71680 16 bytes [50, 48, B8, D4, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d71800 16 bytes [50, 48, B8, 50, D3, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d72270 16 bytes [50, 48, B8, 20, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d722c0 16 bytes [50, 48, B8, 5C, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] C:\windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d72410 16 bytes [50, 48, B8, E8, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d71380 16 bytes [50, 48, B8, 28, D6, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d714f0 16 bytes [50, 48, B8, 80, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d71510 48 bytes [50, 48, B8, FC, D4, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d71550 16 bytes [50, 48, B8, 4C, D6, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d715a0 32 bytes [50, 48, B8, A4, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d715e0 16 bytes [50, 48, B8, 8C, D4, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d71680 16 bytes [50, 48, B8, D4, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d71800 16 bytes [50, 48, B8, 50, D3, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d72270 16 bytes [50, 48, B8, 20, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d722c0 16 bytes [50, 48, B8, 5C, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d72410 16 bytes [50, 48, B8, E8, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d71380 16 bytes [50, 48, B8, 28, D6, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076d714f0 16 bytes [50, 48, B8, 80, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d71510 48 bytes [50, 48, B8, FC, D4, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d71550 16 bytes [50, 48, B8, 4C, D6, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076d715a0 32 bytes [50, 48, B8, A4, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076d715e0 16 bytes [50, 48, B8, 8C, D4, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076d71680 16 bytes [50, 48, B8, D4, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d71800 16 bytes [50, 48, B8, 50, D3, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076d72270 16 bytes [50, 48, B8, 20, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d722c0 16 bytes [50, 48, B8, 5C, D5, 82, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] C:\windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d72410 16 bytes [50, 48, B8, E8, D5, 82, 3F, ...]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feef7c0728] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feef7c0568] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feef7c0710] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feef7c0878] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2908] @ C:\windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feef7c0708] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feef7c0728] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feef7c0568] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feef7c0710] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feef7c0878] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] @ C:\windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feef7c0708] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1232] @ C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll[GDI32.dll!GetFontData] [7feef091ce8] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feef7c0728] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feef7c0568] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feef7c0710] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] @ C:\windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feef7c0878] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] @ C:\windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feef7c0708] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] @ C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll[GDI32.dll!GetFontData] [7feef091ce8] C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2784] @ C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll[KERNEL32.dll!CreateNamedPipeW] [b6c00030]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e1f4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde6a3c77
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971071c90
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca944137c2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0xB9 0x33 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e1f4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde6a3c77 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971071c90 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca944137c2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0xB9 0x33 0xE1 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----