GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-08 16:22:35 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD800BB-00JHC0 rev.05.01C05 Running: 1vph3sc6.exe; Driver: C:\DOCUME~1\Gawrych1\USTAWI~1\Temp\fwldqpob.sys ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\wscntfy.exe[808] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[808] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3] .text C:\Documents and Settings\Gawrych1\Moje dokumenty\Downloads\OTL.exe[1084] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3] .text C:\Documents and Settings\Gawrych1\Moje dokumenty\Downloads\OTL.exe[1084] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F69C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F730 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F8BD .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1384] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3] .text C:\Documents and Settings\Gawrych1\Moje dokumenty\Downloads\1vph3sc6.exe[1400] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3] .text C:\Documents and Settings\Gawrych1\Moje dokumenty\Downloads\1vph3sc6.exe[1400] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1656] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1656] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider) AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider) ---- EOF - GMER 1.0.15 ----