GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-04 08:42:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-22A23T0 rev.01.01A01 232,89GB
Running: 6trfy4f3.exe; Driver: C:\Users\ADMIN\AppData\Local\Temp\uwddakob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003805000 63 bytes [00, 00, 0D, 02, 41, 76, 67, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80003805040 73 bytes {SAR BYTE [RAX+0x25], 0x4; CMP DL, 0xff; CALL QWORD [RAX-0x7ffb9d04]}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077551465 2 bytes [55, 77]
.text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775514bb 2 bytes [55, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1172:2652] 000007fef53c506c
Thread C:\Windows\system32\svchost.exe [1172:3416] 000007fef87f5124
Thread C:\Windows\system32\svchost.exe [1172:7084] 000007fef9b61ab0
Thread C:\Windows\system32\svchost.exe [1436:2832] 000007fef7c35170
Thread C:\Windows\system32\svchost.exe [1436:5764] 000007fefa02341c
Thread C:\Windows\system32\svchost.exe [1436:5536] 000007fefa023a2c
Thread C:\Windows\system32\svchost.exe [1436:1552] 000007fefa023768
Thread C:\Windows\system32\svchost.exe [1436:1824] 000007fefa025c20
Thread C:\Windows\system32\svchost.exe [1436:2504] 000007fefa023900
Thread C:\Windows\system32\WLANExt.exe [1524:1568] 000000018000b674
Thread C:\Windows\system32\WLANExt.exe [1524:1572] 000000018000b690
Thread C:\Windows\system32\WLANExt.exe [1524:1576] 000000018000b658
Thread C:\Windows\system32\WLANExt.exe [1524:1580] 0000000180022170
Thread C:\Windows\system32\WLANExt.exe [1524:1584] 000007fef8fe2f9c
Thread C:\Windows\system32\svchost.exe [1808:1832] 000007fefcefa808
Thread C:\Windows\system32\svchost.exe [1808:1892] 000007fef8797130
Thread C:\Windows\system32\svchost.exe [1808:1896] 000007fef878d5c0
Thread C:\Windows\system32\svchost.exe [2724:2740] 000007fefcefa808
Thread C:\Windows\system32\svchost.exe [1904:2280] 000007feed758470
Thread C:\Windows\system32\svchost.exe [1904:3332] 000007feed762418
Thread C:\Windows\system32\svchost.exe [1904:912] 000007feed76976c
Thread C:\Windows\system32\svchost.exe [1904:4848] 000007fef48d4734
Thread C:\Windows\system32\svchost.exe [1904:4036] 000007fef48d4734

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts\SimCity\x2122 Społeczności Na wakacjach\SimCity\x2122 Społeczności Na wakacjach.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\SimCity\x2122 Społeczności Na wakacjach\SimCity\x2122 Społeczności Na wakacjach.lnk 1

---- EOF - GMER 2.1 ----