GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-21 18:26:27 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1200BEVS-07LAT0 rev.01.06M01 111,79GB Running: jpykv5vs.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldypod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x8BD5A7F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x8BD5A8B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x8BD5A870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x8BD5A830] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495 82A8A9E5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AC4312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82ACB688 4 Bytes [F0, A7, D5, 8B] {CMPSD ; AAD 0x8b} .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82ACB798 4 Bytes [B0, A8, D5, 8B] {MOV AL, 0xa8; AAD 0x8b} .text ntkrnlpa.exe!KeRemoveQueueEx + 161F 82ACBAA4 4 Bytes [70, A8, D5, 8B] {JO 0xffffffaa; AAD 0x8b} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82ACBAEC 4 Bytes [30, A8, D5, 8B] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe[1892] kernel32.dll!SetUnhandledExceptionFilter 7603F5AB 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtCreateFile + 6 7733560E 4 Bytes [28, 68, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtCreateFile + B 77335613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtMapViewOfSection + 6 77335C6E 4 Bytes [28, 6B, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtMapViewOfSection + B 77335C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenFile + 6 77335D1E 4 Bytes [68, 68, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenFile + B 77335D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcess + 6 77335DCE 4 Bytes [A8, 69, 13, 00] {TEST AL, 0x69; ADC EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcess + B 77335DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcessToken + B 77335DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcessTokenEx + 6 77335DEE 4 Bytes [A8, 6A, 13, 00] {TEST AL, 0x6a; ADC EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcessTokenEx + B 77335DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThread + 6 77335E4E 4 Bytes [68, 69, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThread + B 77335E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThreadToken + 6 77335E5E 4 Bytes [68, 6A, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThreadToken + B 77335E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThreadTokenEx + B 77335E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtQueryAttributesFile + 6 77335F7E 4 Bytes [A8, 68, 13, 00] {TEST AL, 0x68; ADC EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtQueryAttributesFile + B 77335F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtQueryFullAttributesFile + B 77336033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtSetInformationFile + 6 7733667E 4 Bytes [28, 69, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtSetInformationFile + B 77336683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtSetInformationThread + 6 773366DE 4 Bytes [28, 6A, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtSetInformationThread + B 773366E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtUnmapViewOfSection + 6 773369FE 4 Bytes [68, 6B, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtUnmapViewOfSection + B 77336A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtMapViewOfSection + 6 77335C6E 4 Bytes [18, 20, 00, 6E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtMapViewOfSection + B 77335C73 1 Byte [E2] ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@5C6EAB6E 181 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@CheckPointNumber 198 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{846C8BEB-20EC-11E3-BEC5-806E6F6E6963} 1594068504 ---- EOF - GMER 2.1 ----