GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-30 19:12:59
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: gmer.exe; Driver: C:\Users\SAWEK6~1\AppData\Local\Temp\kfrdypob.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable  fffff960000b4300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...]
.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16  fffff960000b4310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [712:736]  fffff9600089e2d0
Thread  [1444:1568]  0000000077534a00
Thread  [1444:1572]  00000000749ef28e
Thread  [1444:1580]  000000007723b5b0
Thread  [1444:1616]  000000007375c120
Thread  [1444:1980]  0000000073b2b5b0
Thread  [1444:1984]  0000000073b2a840
Thread  [1444:1692]  00000000749ef28e
Thread  [1444:1148]  0000000077534a00
Thread  [1444:1968]  00000000770ad7e0
Thread  [1444:1816]  0000000073b15b60
Thread  [1444:1964]  0000000073b15b60
Thread  [1444:1960]  0000000073b15b60
Thread  [1444:1956]  0000000073b15b60
Thread  [1444:128]  0000000073b15b60
Thread  [1444:2052]  0000000073b15b60
Thread  [1444:2056]  0000000073b15b60
Thread  [1444:2060]  0000000073b15b60
Thread  [1444:2064]  0000000073b15b60
Thread  [1444:2068]  0000000073b16bb0
Thread  [1444:2072]  0000000073b16bb0
Thread  [1444:2076]  0000000073b16110
Thread  [1444:2080]  0000000073b75200
Thread  [1444:2084]  0000000073b73ff0
Thread  [1444:2088]  0000000073b74470
Thread  [1444:2092]  0000000073b19040
Thread  [1444:2096]  0000000073b19040
Thread  [1444:2100]  0000000073b19040
Thread  [1444:2104]  0000000073b19040
Thread  [1444:2108]  0000000073b19040
Thread  [1444:2112]  0000000073b19040
Thread  [1444:2116]  0000000073b19040
Thread  [1444:2120]  0000000073b19040
Thread  [1444:2124]  0000000073b19040
Thread  [1444:2128]  0000000073b18d30
Thread  [1444:2136]  0000000071eb1080
Thread  [1444:2140]  0000000071e714b0
Thread  [1444:2144]  0000000071e754c0
Thread  [1444:2148]  0000000071e754c0
Thread  [1444:2156]  0000000073b2c5c0
Thread  [1444:2160]  0000000073b18420
Thread  [1444:2164]  00000000749ef28e
Thread  [1444:2168]  0000000071d5c640
Thread  [1444:2172]  0000000073b95a40
Thread  [1444:2188]  0000000073ab7840
Thread  [1444:2192]  0000000071eb16d0
Thread  [1444:2196]  0000000071a4b290
Thread  [1444:2208]  00000000749ef28e
Thread  [1444:2216]  0000000073c9f620
Thread  [1444:2220]  0000000073ca25d0
Thread  [1444:2224]  00000000749ef28e
Thread  [1444:2272]  00000000749ef28e
Thread  [1444:2292]  00000000749ef28e
Thread  [1444:2296]  00000000749ef28e
Thread  [1444:2300]  00000000749ef28e
Thread  [1444:2304]  00000000749ef28e
Thread  [1444:2308]  00000000749ef28e
Thread  [1444:2312]  00000000749ef28e
Thread  [1444:2316]  00000000749ef28e
Thread  [1444:2320]  00000000749ef28e
Thread  [1444:2324]  00000000749ef28e
Thread  [1444:2328]  00000000749ef28e
Thread  [1444:2348]  00000000718c83a0
Thread  [1444:2352]  00000000718c83a0
Thread  [1444:2356]  00000000718c83a0
Thread  [1444:2360]  00000000718c83a0
Thread  [1444:2364]  00000000718c83a0
Thread  [1444:2368]  00000000718c83a0
Thread  [1444:2372]  00000000718c83a0
Thread  [1444:2376]  00000000718c83a0
Thread  [1444:2380]  00000000718c83a0
Thread  [1444:2384]  00000000718c83a0
Thread  [1444:2392]  00000000749ef28e
Thread  [1444:2448]  0000000073bb72b0
Thread  [1444:2452]  00000000749ef28e
Thread  [1444:2484]  00000000749ef28e
Thread  [1444:2524]  00000000749ef28e
Thread  [1444:2540]  00000000749ef28e
Thread  [1444:2672]  00000000749ef28e
Thread  [1444:2676]  00000000749ef28e
Thread  [1444:2432]  0000000077534a00
Thread  [1444:2436]  00000000749ef28e
Thread  [1444:5520]  0000000077534a00
Thread  [1444:4320]  0000000077534a00
Thread  [1444:4512]  0000000077534a00
Thread  [1444:4972]  0000000077534a00
Thread  [1444:4020]  00000000719ccf40

---- Processes - GMER 2.1 ----

Library  C:\Users\S (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [4024]  000000005ff80000
Library  C:\Users\S (*** suspicious ***) @ C:\WINDOWS\explorer.exe [800]  000000005ff80000

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----