GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-10 20:33:13
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: f08v36uo.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\kwrdrpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000090100 15 bytes [40, A1, F1, 01, C0, E7, 6B, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000090110 11 bytes [00, 22, FC, FF, C0, DC, CA, ...]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [728:756] fffff960008e12d0
Thread C:\WINDOWS\Explorer.EXE [4468:2240] 00007ffc4ec5e630
Thread C:\WINDOWS\Explorer.EXE [4468:2720] 00007ffc5778e630

---- Processes - GMER 2.1 ----

Library C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [1188] (Chromium/The Chromium Authors)(2015-10-30 16:20:24) 0000000058480000
Library C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\icudt.dll (*** suspicious ***) @ C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [1188] (ICU Data DLL/The ICU Project)(2015-04-28 20:15:22) 00000000578b0000
Library C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll (*** suspicious ***) @ C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [1188](2015-04-28 20:15:22) 0000000056880000
Library C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll (*** suspicious ***) @ C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [1188](2015-04-28 20:15:22) 0000000056680000
Library C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll (*** suspicious ***) @ C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [1188](2015-04-28 20:15:22) 0000000068870000
Library C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll (*** suspicious ***) @ C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [1188](2015-04-28 20:15:22) 0000000056640000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----