GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-19 11:14:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 ST500DM0 rev.KC45 465,76GB Running: 38scsc7n.exe; Driver: C:\Users\Madzia\AppData\Local\Temp\fxldypod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fbd000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80002fbd042 4 bytes [00, 00, 00, 00] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1668] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075aecfca 5 bytes JMP 0000000175124620 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e41465 2 bytes [E4, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e414bb 2 bytes [E4, 77] .text ... * 2 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3640] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075aecfca 5 bytes JMP 0000000175124620 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e41465 2 bytes [E4, 77] .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e414bb 2 bytes [E4, 77] .text ... * 2 .text C:\Program Files (x86)\Tlen.pl\tlen.exe[3660] C:\Windows\syswow64\user32.dll!DialogBoxParamW 0000000075aecfca 5 bytes JMP 0000000175124620 .text C:\Program Files (x86)\Tlen.pl\tlen.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e41465 2 bytes [E4, 77] .text C:\Program Files (x86)\Tlen.pl\tlen.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e414bb 2 bytes [E4, 77] .text ... * 2 .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[2344] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075aecfca 5 bytes JMP 0000000175124620 .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e41465 2 bytes [E4, 77] .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e414bb 2 bytes [E4, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[964] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075aecfca 5 bytes JMP 0000000175124620 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e41465 2 bytes [E4, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e414bb 2 bytes [E4, 77] .text ... * 2 ---- EOF - GMER 2.1 ----