GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-12 13:18:39 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000063 MAXTOR_STM380211AS rev.3.AAE 74,53GB Running: odszds57.exe; Driver: C:\DOCUME~1\viola\USTAWI~1\Temp\kwxyipoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, F0, C3, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED62 .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EDD3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EF01 .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[456] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 78, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7B, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 78, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 79, 7E, 00] {TEST AL, 0x79; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915492 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7A, 7E, 00] {TEST AL, 0x7a; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 79, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7A, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915503 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 78, 7E, 00] {TEST AL, 0x78; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915631 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 79, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7A, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7B, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, E4, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, E7, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, E4, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, E5, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D2FE .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, E6, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, E5, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, E6, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D36F .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, E4, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D49D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, E5, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, E6, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, E7, FC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1572] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 90, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 93, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 90, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 91, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FCAA .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 92, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 91, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 92, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FD1B .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 90, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FE49 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 91, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 92, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 93, 26, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- EOF - GMER 2.2 ----