GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-11 18:03:00
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500420ASG rev.0002SDM1 465,76GB
Running: gmer.exe; Driver: C:\Users\lapek\AppData\Local\Temp\kwrdqkog.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82A8E9E9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82AC81C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]  [740E24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]  [740C562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]  [740C56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]  [740E2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]  [740D85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]  [740D4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]  [740D5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]  [740D51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [740D6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]  [740D8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]  [740D8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]  [740D90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]  [740DE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]  [740D4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys

---- EOF - GMER 2.1 ----
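The following parser is an added example and is not part of the GMER output above or of GMER itself. It reads the line-oriented GMER format (a "---- <section> - GMER x.y ----" header followed by one entry per line) and applies one triage rule of my own to the IAT/EAT section: the DLL named in "[module!function]" should be the file the import pointer actually resolves to. The gdiplus.dll imports above resolve into a WinSxS gdiplus.dll, which is consistent; an import resolving into some other file would be a redirection worth a manual look. The embedded sample log is a subset of the log above plus one constructed kernel32.dll entry pointing at a hypothetical example_hook.dll, added only to show the rule firing; it describes nothing on the scanned machine.

```python
"""Parser and first-pass triage for GMER rootkit-scan logs (added example)."""
import re

# Section headers look like: ---- User IAT/EAT - GMER 2.1 ----
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# .text <symbol + offset> <addr> <n> Byte(s) <bytes and optional disassembly>
TEXT_RE = re.compile(
    r"^\.text\s+(?P<symbol>.+?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)
# IAT <process>[<pid>] @ <image> [<module>!<function>] [<addr>] <resolved file>
IAT_RE = re.compile(
    r"^(?P<kind>IAT|EAT)\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<image>\S+)\s+"
    r"\[(?P<module>[^!\]]+)!(?P<function>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<target>\S.*?)\s*$"
)
# AttachedDevice <driver object> <device object> <attached module>
DEVICE_RE = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)$")


def parse_gmer_log(text: str) -> dict:
    """Split a GMER log into sections: {section name: [entry dict, ...]}."""
    sections: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if current is None:
            continue  # banner lines (version, scan time, OS) precede the first section
        m = IAT_RE.match(line)
        if m:
            g = m.groupdict()
            sections[current].append({
                "type": g["kind"], "process": g["process"], "pid": int(g["pid"]),
                "image": g["image"], "module": g["module"], "function": g["function"],
                "addr": int(g["addr"], 16), "target": g["target"],
            })
            continue
        m = TEXT_RE.match(line)
        if m:
            g = m.groupdict()
            sections[current].append({
                "type": "text_patch", "symbol": g["symbol"], "addr": int(g["addr"], 16),
                "size": int(g["size"]), "detail": g["detail"],
            })
            continue
        m = DEVICE_RE.match(line)
        if m:
            sections[current].append({"type": "attached_device", **m.groupdict()})
            continue
        sections[current].append({"type": "unparsed", "line": line})
    return sections


def iat_is_consistent(entry: dict) -> bool:
    """Heuristic (assumption): the declared DLL must be the file the pointer lands in."""
    basename = entry["target"].replace("/", "\\").rsplit("\\", 1)[-1]
    return basename.lower() == entry["module"].lower()


def triage_iat(sections: dict) -> list:
    """Return IAT/EAT entries whose resolved file is not the declared DLL."""
    return [e for entries in sections.values() for e in entries
            if e["type"] in ("IAT", "EAT") and not iat_is_consistent(e)]


# Constructed sample: a subset of the real log plus one made-up kernel32.dll
# entry (example_hook.dll is hypothetical) so the triage rule has something to flag.
SAMPLE_LOG = r"""
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-11 18:03:00

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82A8E9E9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82AC81C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]  [740E24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]  [740E2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT  C:\Windows\explorer.exe[1740] @ C:\Windows\explorer.exe [kernel32.dll!CreateFileW]  [10001000] C:\Users\lapek\AppData\Local\Temp\example_hook.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys

---- EOF - GMER 2.1 ----
"""

if __name__ == "__main__":
    parsed = parse_gmer_log(SAMPLE_LOG)
    for name, entries in parsed.items():
        print(f"{name}: {len(entries)} entries")
    for e in triage_iat(parsed):
        print(f"IAT redirect: {e['module']}!{e['function']} -> {e['target']}")
```

Run it against a full GMER log by passing the file contents to parse_gmer_log. Entries in the kernel section are returned as text_patch records (symbol, address, size, bytes) for a reviewer to compare against a known-good kernel image; the parser does not judge them, since a patched kernel export has legitimate causes as well as malicious ones.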