GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-15 11:25:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: rc3nucml.exe; Driver: C:\Users\Andrzej\AppData\Local\Temp\kxdiqpob.sys

---- User code sections - GMER 2.1 ----

.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17   0000000076c61401 2 bytes JMP 7691b20b C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17   0000000076c61419 2 bytes JMP 7691b336 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17   0000000076c61431 2 bytes JMP 76998f39 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42   0000000076c6144a 2 bytes CALL 768f4885 C:\Windows\syswow64\kernel32.dll
.text   ...   * 9
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17   0000000076c614dd 2 bytes JMP 76998832 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17   0000000076c614f5 2 bytes JMP 76998a08 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17   0000000076c6150d 2 bytes JMP 76998728 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17   0000000076c61525 2 bytes JMP 76998af2 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17   0000000076c6153d 2 bytes JMP 7690fc98 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17   0000000076c61555 2 bytes JMP 769168df C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17   0000000076c6156d 2 bytes JMP 76998ff1 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17   0000000076c61585 2 bytes JMP 76998b52 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17   0000000076c6159d 2 bytes JMP 769986ec C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17   0000000076c615b5 2 bytes JMP 7690fd31 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17   0000000076c615cd 2 bytes JMP 7691b2cc C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20   0000000076c616b2 2 bytes JMP 76998eb4 C:\Windows\syswow64\kernel32.dll
.text   c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31   0000000076c616bd 2 bytes JMP 76998681 C:\Windows\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.1 ----

IAT   C:\Windows\system32\mfevtps.exe[1648] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA]   [13fdf1ba0] C:\Windows\system32\mfevtps.exe

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0   unknown MBR code

---- EOF - GMER 2.1 ----