GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-18 07:14:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKX-001CA0 rev.15.01H15 465,76GB
Running: kwq88s51.exe; Driver: C:\Users\Krzyniek\AppData\Local\Temp\ufddrkow.sys


---- User code sections - GMER 2.0 ----

.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   00000000749e87b1 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17   0000000075221401 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17   0000000075221419 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17   0000000075221431 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42   000000007522144a 2 bytes [22, 75]
.text   ...   * 9
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17   00000000752214dd 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17   00000000752214f5 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17   000000007522150d 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17   0000000075221525 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17   000000007522153d 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17   0000000075221555 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17   000000007522156d 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17   0000000075221585 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17   000000007522159d 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17   00000000752215b5 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17   00000000752215cd 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20   00000000752216b2 2 bytes [22, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31   00000000752216bd 2 bytes [22, 75]

---- User IAT/EAT - GMER 2.0 ----

IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]   [7fef9522750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]   [7fef9522b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]   [7fef9527de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]   [7fef9528130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]   [7fef9521908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]   [7fef9521c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]   [7fef95281d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]   [7fef9522878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]   [7fef9527a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement]   [7fef9526c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]   [7fef95277bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]   [7fef9527064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]   [7fef9526544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1660] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]   [7fef9525e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.0 ----

Thread   C:\Windows\System32\svchost.exe [2848:1328]   000007fef6199688

---- Processes - GMER 2.0 ----

Library   ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2848]   000007fefcf30000

---- EOF - GMER 2.0 ----