GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-25 23:37:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-22ERMA0 rev.17.01H17 465,76GB
Running: ut197j1y.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\awrdypog.sys

---- Kernel IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]    [fffff88004927c0c] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:3844]    000007fefb1d2af8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:3872]    000007feed325648
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:3040]    000007feed286590
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:3028]    000007feed325648
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:3228]    000007fef7325124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0    0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew    0x1E 0xD3 0x6C 0x9A ...

---- EOF - GMER 2.1 ----