GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-10 22:46:35
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001b WDC_WD10JPVX-75JC3T0 rev.01.01A01 931,51GB
Running: b8sjpez0.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\uxldypoc.sys

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\atiesrxx.exe[956]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe3816169a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\atiesrxx.exe[956]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe381616a2 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\atiesrxx.exe[956]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffe3816181a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\atiesrxx.exe[956]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffe38161832 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\mfevtps.exe[2076]  C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506  00007ffe3816169a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\mfevtps.exe[2076]  C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514  00007ffe381616a2 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\mfevtps.exe[2076]  C:\Windows\system32\psapi.dll!QueryWorkingSet + 118  00007ffe3816181a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\mfevtps.exe[2076]  C:\Windows\system32\psapi.dll!QueryWorkingSet + 142  00007ffe38161832 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2264]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe3816169a 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2264]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe381616a2 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2264]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffe3816181a 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2264]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffe38161832 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\atieclxx.exe[6124]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe3816169a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\atieclxx.exe[6124]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe381616a2 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\atieclxx.exe[6124]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffe3816181a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\atieclxx.exe[6124]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffe38161832 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\Explorer.EXE[1012]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe3816169a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\Explorer.EXE[1012]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe381616a2 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\Explorer.EXE[1012]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffe3816181a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\Explorer.EXE[1012]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffe38161832 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3816]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe3816169a 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3816]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe381616a2 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3816]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffe3816181a 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3816]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffe38161832 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3816]  C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194  00007ffe300d1f6a 4 bytes [0D, 30, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3816]  C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218  00007ffe300d1f82 4 bytes [0D, 30, FE, 7F]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4204]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe3816169a 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4204]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe381616a2 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4204]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffe3816181a 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4204]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffe38161832 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\NOTEPAD.EXE[5840]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe3816169a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\NOTEPAD.EXE[5840]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe381616a2 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\NOTEPAD.EXE[5840]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffe3816181a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\system32\NOTEPAD.EXE[5840]  C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffe38161832 4 bytes [16, 38, FE, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [4860:3140]  fffff96000872b90

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----
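A GMER "User code sections" dump is only useful once the entries are grouped by hooked export and triaged. The Python below is an added example, not part of the log above and not GMER's own code. It parses entries in the format GMER prints, groups them by module, export and offset across processes, and applies one triage heuristic: a 4-byte difference whose little-endian value equals bits 16..47 of its own address (the module's own load region, as with [16, 38, FE, 7F] at 00007ffe3816xxxx in PSAPI.DLL and [0D, 30, FE, 7F] at 00007ffe300dxxxx in WSOCK32.dll above) is consistent with a relocated pointer showing up when in-memory code is diffed against the on-disk image, whereas an entry of the form "N bytes JMP <address>" is what a genuine inline hook looks like. The first three sample lines are copied from this log; the fourth (a kernel32 CreateFileW JMP) is constructed here to exercise the hook case and does not occur in the log. The classification is a triage aid, not a clean verdict: anything not matching the heuristic still needs manual review.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines 1-3 are copied from the GMER log above,
# line 4 is a hypothetical inline-JMP entry (target address is made up).
SAMPLE_LOG = r"""
.text  C:\Windows\system32\atiesrxx.exe[956]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe3816169a 4 bytes [16, 38, FE, 7F]
.text  C:\Windows\Explorer.EXE[1012]  C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe3816169a 4 bytes [16, 38, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3816]  C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194  00007ffe300d1f6a 4 bytes [0D, 30, FE, 7F]
.text  C:\Windows\system32\NOTEPAD.EXE[5840]  C:\Windows\system32\kernel32.dll!CreateFileW  00007ffe38161000 5 bytes JMP 000000012345abcd
"""

# One GMER user-code entry: ".text <process>[<pid>] <module>!<export>[ + off] <addr> <n> bytes <detail>"
ENTRY_RE = re.compile(
    r"^\.text\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+"        # process image path and PID
    r"(?P<module>.+?)!(?P<function>\w+)"           # hooked module!export
    r"(?:\s*\+\s*(?P<offset>\d+))?\s+"             # optional decimal offset into the export
    r"(?P<address>[0-9a-fA-F]{8,16})\s+"           # virtual address of the difference
    r"(?P<size>\d+)\s+bytes\s+"
    r"(?P<detail>.*\S)\s*$"                        # "[xx, xx, ...]" or "JMP <addr>" etc.
)
BYTES_RE = re.compile(r"\[([0-9A-Fa-f]{2}(?:,\s*[0-9A-Fa-f]{2})*)\]")


@dataclass
class Entry:
    process: str
    pid: int
    module: str
    function: str
    offset: int
    address: int
    size: int
    detail: str
    patched_bytes: Optional[List[int]]

    @property
    def module_name(self) -> str:
        return self.module.rsplit("\\", 1)[-1].lower()


def parse_gmer_log(text: str) -> List[Entry]:
    """Parse every .text entry in a GMER 'User code sections' block."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, other sections
        bm = BYTES_RE.fullmatch(m["detail"])
        patched = [int(b, 16) for b in bm.group(1).split(",")] if bm else None
        entries.append(Entry(
            process=m["process"], pid=int(m["pid"]), module=m["module"],
            function=m["function"], offset=int(m["offset"] or 0),
            address=int(m["address"], 16), size=int(m["size"]),
            detail=m["detail"], patched_bytes=patched,
        ))
    return entries


def classify(e: Entry) -> str:
    """Triage heuristic (an assumption of this example, not a GMER verdict):
    4 differing bytes that read, little-endian, as bits 16..47 of their own
    address are the high part of a pointer into the same module, i.e. what a
    relocated absolute address looks like when memory is diffed against the
    on-disk image. A 'JMP <addr>' detail is an actual redirect of control flow."""
    if "JMP" in e.detail.upper():
        return "inline-jmp"
    if e.patched_bytes and len(e.patched_bytes) == 4:
        value = int.from_bytes(bytes(e.patched_bytes), "little")
        if value == (e.address >> 16) & 0xFFFFFFFF:
            return "relocated-pointer"
    return "unclassified"


def summarize(entries: List[Entry]) -> Dict[Tuple[str, str, int], dict]:
    """Group by (module, export, offset) and count distinct PIDs; the same
    address and bytes in every process is what a system-wide DLL mapping
    produces, while a hook present in one process only stands out."""
    groups: Dict[Tuple[str, str, int], dict] = defaultdict(
        lambda: {"pids": set(), "classes": set(), "addresses": set()})
    for e in entries:
        g = groups[(e.module_name, e.function, e.offset)]
        g["pids"].add(e.pid)
        g["classes"].add(classify(e))
        g["addresses"].add(e.address)
    return {k: {"processes": len(v["pids"]), "classes": v["classes"],
                "addresses": v["addresses"]} for k, v in groups.items()}


if __name__ == "__main__":
    for key, info in summarize(parse_gmer_log(SAMPLE_LOG)).items():
        print(f"{key[0]}!{key[1]}+{key[2]}: {info['processes']} process(es), "
              f"{', '.join(sorted(info['classes']))}")
```

Run against the full log, the PSAPI.DLL and WSOCK32.dll groups each report the same address and bytes in every listed process and classify as relocated-pointer; anything that comes out as inline-jmp or unclassified is where to spend analyst time.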