GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-07 11:17:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3250318AS rev.CC38 232,89GB
Running: 8mytdwsk.exe; Driver: C:\Users\Mirek\AppData\Local\Temp\kwddikog.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\Slimjet\slimjet.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775cbdb0 14 bytes {MOV RAX, 0x7fef25549f4; JMP RAX}

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880043a3964] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtAlpcSendWaitReceivePort] [77730000]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77730000]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\GDI32.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77730000]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\CRYPTBASE.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\RpcRtRemote.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\ntmarta.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\CRYPTSP.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\rsaenh.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\System32\audioses.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77730000]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77730000]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\CRYPT32.dll[ntdll.dll!NtClose] [77730010]
IAT C:\Windows\system32\AUDIODG.EXE[3932] @ C:\Windows\system32\WS2_32.dll[ntdll.dll!NtClose] [77730010]

---- EOF - GMER 2.2 ----