GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-25 13:37:47
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4 ST3120827AS rev.3.42 111,79GB
Running: thvi3kom.exe; Driver: C:\Users\sebek\AppData\Local\Temp\kwddykog.sys


---- System - GMER 2.1 ----

Code      \??\C:\Windows\system32\drivers\hitmanpro37.sys    ZwAllocateVirtualMemory [0xA4867562]
Code      \??\C:\Windows\system32\drivers\hitmanpro37.sys    NtAllocateVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text     ntkrnlpa.exe!ZwSaveKeyEx + 13AD                    83062579 1 Byte  [06]
.text     ntkrnlpa.exe!KiDispatchInterrupt + 5A2             83086F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE      ntkrnlpa.exe!NtAllocateVirtualMemory               8326AE0F 5 Bytes  JMP A4867566 \??\C:\Windows\system32\drivers\hitmanpro37.sys
PAGE      spsys.sys!?SPRevision@@3PADA + 4F90                A488D000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE      spsys.sys!?SPRevision@@3PADA + 50B3                A488D123 629 Bytes  [85, 88, A4, FE, 05, 34, 85, ...]
PAGE      spsys.sys!?SPRevision@@3PADA + 5329                A488D399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE      spsys.sys!?SPRevision@@3PADA + 538F                A488D3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE      spsys.sys!?SPRevision@@3PADA + 543B                A488D4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE      ...

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                     fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg       HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{71ED2E9F-FE54-11D5-8BD9-806E6F6E6963}    3463755896

---- Files - GMER 2.1 ----

File      C:\Users\sebek\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thmF7A7.tmp    0 bytes
File      C:\Users\sebek\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thmF7A8.tmp    0 bytes
File      C:\Users\sebek\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thmF7A9.tmp    0 bytes
File      C:\Users\sebek\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thmF7AA.tmp    0 bytes
File      C:\Users\sebek\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thmF7AB.tmp    0 bytes

---- EOF - GMER 2.1 ----