GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-10 21:21:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000030 SAMSUNG_ rev.2AR1 465,76GB
Running: sw4dmt2c.exe; Driver: C:\Users\Magda\AppData\Local\Temp\fwddikoc.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2428] C:\Windows\syswow64\kernel32.dll!CreateThread + 28  00000000763934f1 4 bytes {CALL 0xffffffff8b099604}
.text  C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3436] C:\Windows\syswow64\kernel32.dll!CreateThread + 28  00000000763934f1 4 bytes {CALL 0xffffffff8b099604}
.text  C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000769e1465 2 bytes [9E, 76]
.text  C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000769e14bb 2 bytes [9E, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000763a1441 7 bytes JMP 0000000073e31e90
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW  00000000763bb23b 5 bytes JMP 0000000073e31da0
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000764388ec 7 bytes JMP 0000000073e31d90
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000076438971 5 bytes JMP 0000000073e31e80
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  0000000076438cc7 5 bytes JMP 0000000073e31e10
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075401094 5 bytes JMP 0000000073e32450
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075401142 5 bytes JMP 0000000073e324b0
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075401bb2 5 bytes JMP 0000000073e32520
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075401d92 5 bytes JMP 0000000073e32670
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  000000007732e9a2 5 bytes JMP 0000000073e31a00
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  000000007732ebdc 5 bytes JMP 0000000073e31a90
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  0000000076875ea5 5 bytes JMP 0000000073e31ce0
.text  C:\Program Files (x86)\Steam\Steam.exe[3444] C:\Windows\syswow64\ole32.dll!CoCreateInstance  00000000768a9d0b 5 bytes JMP 0000000073e31c70
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2672] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000763987c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971a8accc
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971a8accc (not active ControlSet)

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- Files - GMER 2.2 ----

File  C:\avast! sandbox  0 bytes
File  C:\avast! sandbox\S-1-5-21-3828739249-2784346106-312559335-1000  0 bytes
File  C:\avast! sandbox\S-1-5-21-3828739249-2784346106-312559335-1000\r12  0 bytes
File  C:\avast! sandbox\S-1-5-21-3828739249-2784346106-312559335-1000\r12\FRST64.exe_{276a2d25-46b7-11e6-baa4-dca971a8accc}  0 bytes
File  C:\avast! sandbox\snx_rhive  262144 bytes
File  C:\avast! sandbox\snx_rhive.LOG1  5120 bytes
File  C:\avast! sandbox\snx_rhive.LOG2  0 bytes
File  C:\avast! sandbox\snx_rhive{276a2d27-46b7-11e6-baa4-dca971a8accc}.TM.blf  65536 bytes
File  C:\avast! sandbox\snx_rhive{276a2d27-46b7-11e6-baa4-dca971a8accc}.TMContainer00000000000000000001.regtrans-ms  524288 bytes
File  C:\avast! sandbox\snx_rhive{276a2d27-46b7-11e6-baa4-dca971a8accc}.TMContainer00000000000000000002.regtrans-ms  524288 bytes

---- EOF - GMER 2.2 ----