GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-08 15:48:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD754JJ rev.1AJ10001 698,64GB
Running: tddivu4v.exe; Driver: C:\Users\prywal\AppData\Local\Temp\uwdiapob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075011419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075011431 2 bytes JMP 750e8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007501144a 2 bytes CALL 7504489d C:\Windows\syswow64\kernel32.dll
.text ...
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 750e8822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 750e89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 750e8718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 750e8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075011555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 750e8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 750e8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 750e86dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 750e8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1916] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 750e8671 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\prywal\Downloads\pliki r\x2c7\xacne\ComboFix.exe 1

---- EOF - GMER 2.1 ----