GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-26 13:53:42 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 Crucial_CT256MX100SSD1 rev.MU01 238,47GB Running: j1rt4x7h.exe; Driver: C:\Users\Marek\AppData\Local\Temp\uwldrpob.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[780] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077659010 4 bytes [C3, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075951401 2 bytes JMP 752fb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075951419 2 bytes JMP 752fb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075951431 2 bytes JMP 753790f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007595144a 2 bytes CALL 752d48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759514dd 2 bytes JMP 753789ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759514f5 2 bytes JMP 75378bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007595150d 2 bytes JMP 753788e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075951525 2 bytes JMP 75378caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007595153d 2 bytes JMP 752efce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075951555 2 bytes JMP 752f6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007595156d 2 bytes JMP 753791a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075951585 2 bytes JMP 75378d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007595159d 2 bytes JMP 753788a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759515b5 2 bytes JMP 752efd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759515cd 2 bytes JMP 752fb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759516b2 2 bytes JMP 7537906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759516bd 2 bytes JMP 75378839 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075951401 2 bytes JMP 752fb263 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075951419 2 bytes JMP 752fb38e C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075951431 2 bytes JMP 753790f1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007595144a 2 bytes CALL 752d48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000759514dd 2 bytes JMP 753789ea C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000759514f5 2 bytes JMP 75378bc0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007595150d 2 bytes JMP 753788e0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075951525 2 bytes JMP 75378caa C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007595153d 2 bytes JMP 752efce8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075951555 2 bytes JMP 752f6937 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007595156d 2 bytes JMP 753791a9 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075951585 2 bytes JMP 75378d0a C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007595159d 2 bytes JMP 753788a4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000759515b5 2 bytes JMP 752efd81 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000759515cd 2 bytes JMP 752fb324 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000759516b2 2 bytes JMP 7537906c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\AppecivreSpA\AppecivreSpA.exe[1696] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000759516bd 2 bytes JMP 75378839 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075951401 2 bytes JMP 752fb263 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075951419 2 bytes JMP 752fb38e C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075951431 2 bytes JMP 753790f1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007595144a 2 bytes CALL 752d48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000759514dd 2 bytes JMP 753789ea C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000759514f5 2 bytes JMP 75378bc0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007595150d 2 bytes JMP 753788e0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075951525 2 bytes JMP 75378caa C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007595153d 2 bytes JMP 752efce8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075951555 2 bytes JMP 752f6937 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007595156d 2 bytes JMP 753791a9 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075951585 2 bytes JMP 75378d0a C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007595159d 2 bytes JMP 753788a4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000759515b5 2 bytes JMP 752efd81 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000759515cd 2 bytes JMP 752fb324 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000759516b2 2 bytes JMP 7537906c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\DCHP\DCHP.exe[1800] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000759516bd 2 bytes JMP 75378839 C:\Windows\syswow64\kernel32.dll ---- Files - GMER 2.2 ---- File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00224.log 1048576 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00225.log 0 bytes ---- EOF - GMER 2.2 ----