GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-11-06 18:45:04
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 HGST_HTS721075A9E630 rev.JB2OA3J0 698,64GB
Running: m57g1hli.exe; Driver: C:\Users\Maciej\AppData\Local\Temp\ufldypod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000226e00 15 bytes [00, F1, F6, 01, 40, 8F, 6C, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff96000226e10 11 bytes [00, 6D, FC, FF, 00, A3, C3, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\nvvsvc.exe[600] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 507 00007ffd7200169b 3 bytes [72, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[600] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 515 00007ffd720016a3 3 bytes [72, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[600] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 119 00007ffd7200181b 3 bytes [72, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[600] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 143 00007ffd72001833 3 bytes [72, FD, 7F]
.text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 507 00007ffd7200169b 3 bytes [72, FD, 7F]
.text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 515 00007ffd720016a3 3 bytes [72, FD, 7F]
.text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 119 00007ffd7200181b 3 bytes [72, FD, 7F]
.text C:\Windows\system32\WLANExt.exe[1440] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 143 00007ffd72001833 3 bytes [72, FD, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1324] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 507 00007ffd7200169b 3 bytes [72, FD, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1324] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 515 00007ffd720016a3 3 bytes [72, FD, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1324] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 119 00007ffd7200181b 3 bytes [72, FD, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1324] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 143 00007ffd72001833 3 bytes [72, FD, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1324] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd61771f6a 4 bytes [77, 61, FD, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1324] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd61771f82 4 bytes [77, 61, FD, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2768] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 507 00007ffd7200169b 3 bytes [72, FD, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2768] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 515 00007ffd720016a3 3 bytes [72, FD, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2768] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 119 00007ffd7200181b 3 bytes [72, FD, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2768] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 143 00007ffd72001833 3 bytes [72, FD, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3936] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 507 00007ffd7200169b 3 bytes [72, FD, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3936] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 515 00007ffd720016a3 3 bytes [72, FD, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3936] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 119 00007ffd7200181b 3 bytes [72, FD, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3936] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 143 00007ffd72001833 3 bytes [72, FD, 7F]
.text D:\Programy\TortoiseSVN\bin\TSVNCache.exe[4408] C:\Windows\system32\KERNELBASE.dll!SetUnhandledExceptionFilter 00007ffd71cc93a0 3 bytes [33, C0, C3]
.text D:\Programy\TortoiseSVN\bin\TSVNCache.exe[6884] C:\Windows\system32\KERNELBASE.dll!SetUnhandledExceptionFilter 00007ffd71cc93a0 3 bytes [33, C0, C3]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [724:756] fffff96000843b90
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:7020] 00007ffd5074d014
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:160] 00007ffd5074bbe8
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:6376] 00007ffd5090202c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:3252] 00007ffd5074d014
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:5568] 00007ffd4b3dba5c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:6936] 00007ffd4b3dba5c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:5100] 00007ffd4b3dba5c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:7088] 00007ffd5074d014
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:3940] 00007ffd5074d014
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:5460] 00007ffd5074d014
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:7072] 00007ffd5074d014
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:6224] 00007ffd5074d014
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:6476] 00007ffd5074d014
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:2992] 00007ffd5074d014
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:6328] 00007ffd5074d014
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [6520:2232] 00007ffd5074d014

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----