GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-08-25 00:38:05 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LT012-1DG142 rev.0001SDM1 465.76GB Running: zgd72mvm.exe; Driver: C:\Users\Maciek\AppData\Local\Temp\ufdiypod.sys ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C478A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C672F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92427000, 0x2D5378, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtMapViewOfSection + 6 77305076 4 Bytes [18, 20, 4A, 6B] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtMapViewOfSection + B 7730507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtCreateFile + 6 77304A16 4 Bytes [28, 8C, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtCreateFile + B 77304A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtMapViewOfSection + 6 77305076 4 Bytes [28, 8F, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtMapViewOfSection + B 7730507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenFile + 6 77305126 4 Bytes [68, 8C, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenFile + B 7730512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcess + 6 773051D6 4 Bytes [A8, 8D, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcess + B 773051DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessToken + 6 773051E6 4 Bytes CALL 76306F78 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessToken + B 773051EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessTokenEx + 6 773051F6 4 Bytes [A8, 8E, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessTokenEx + B 773051FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThread + 6 77305256 4 Bytes [68, 8D, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThread + B 7730525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadToken + 6 77305266 4 Bytes [68, 8E, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadToken + B 7730526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadTokenEx + 6 77305276 4 Bytes CALL 76307009 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadTokenEx + B 7730527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryAttributesFile + 6 77305386 4 Bytes [A8, 8C, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryAttributesFile + B 7730538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryFullAttributesFile + 6 77305436 4 Bytes CALL 763071C7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryFullAttributesFile + B 7730543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationFile + 6 77305A86 4 Bytes [28, 8D, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationFile + B 77305A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationThread + 6 77305AE6 4 Bytes [28, 8E, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationThread + B 77305AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtUnmapViewOfSection + 6 77305E06 4 Bytes [68, 8F, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtUnmapViewOfSection + B 77305E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtCreateFile + 6 77304A16 4 Bytes [28, 50, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtCreateFile + B 77304A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtMapViewOfSection + 6 77305076 4 Bytes [28, 53, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtMapViewOfSection + B 7730507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenFile + 6 77305126 4 Bytes [68, 50, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenFile + B 7730512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcess + 6 773051D6 4 Bytes [A8, 51, D9, 00] {TEST AL, 0x51; FLD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcess + B 773051DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessToken + 6 773051E6 4 Bytes CALL 76312B3C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessToken + B 773051EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessTokenEx + 6 773051F6 4 Bytes [A8, 52, D9, 00] {TEST AL, 0x52; FLD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessTokenEx + B 773051FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThread + 6 77305256 4 Bytes [68, 51, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThread + B 7730525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadToken + 6 77305266 4 Bytes [68, 52, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadToken + B 7730526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadTokenEx + 6 77305276 4 Bytes CALL 76312BCD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadTokenEx + B 7730527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryAttributesFile + 6 77305386 4 Bytes [A8, 50, D9, 00] {TEST AL, 0x50; FLD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryAttributesFile + B 7730538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryFullAttributesFile + 6 77305436 4 Bytes CALL 76312D8B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryFullAttributesFile + B 7730543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationFile + 6 77305A86 4 Bytes [28, 51, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationFile + B 77305A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationThread + 6 77305AE6 4 Bytes [28, 52, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationThread + B 77305AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtUnmapViewOfSection + 6 77305E06 4 Bytes [68, 53, D9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtUnmapViewOfSection + B 77305E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + 6 77304A16 4 Bytes [28, 38, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + B 77304A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 77305076 4 Bytes [28, 3B, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + B 7730507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + 6 77305126 4 Bytes [68, 38, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + B 7730512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + 6 773051D6 4 Bytes [A8, 39, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + B 773051DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + 6 773051E6 4 Bytes CALL 76314124 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + B 773051EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + 6 773051F6 4 Bytes [A8, 3A, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + B 773051FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + 6 77305256 4 Bytes [68, 39, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + B 7730525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + 6 77305266 4 Bytes [68, 3A, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + B 7730526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + 6 77305276 4 Bytes CALL 763141B5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + B 7730527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + 6 77305386 4 Bytes [A8, 38, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + B 7730538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + 6 77305436 4 Bytes CALL 76314373 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + B 7730543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + 6 77305A86 4 Bytes [28, 39, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + B 77305A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + 6 77305AE6 4 Bytes [28, 3A, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + B 77305AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 77305E06 4 Bytes [68, 3B, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + B 77305E0B 1 Byte [E2] ---- EOF - GMER 2.1 ----