GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-07 01:27:21
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003e Hitachi_HTS547575A9E384 rev.JE4OA60A 698,64GB
Running: 84duvlcl.exe; Driver: C:\Users\Piotr-pc\AppData\Local\Temp\fxlorpoc.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa8bcd1532 4 bytes [CD, 8B, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa8bcd153a 4 bytes [CD, 8B, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa8bcd165a 4 bytes [CD, 8B, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[1048] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fa8bcd1532 4 bytes [CD, 8B, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[1048] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fa8bcd153a 4 bytes [CD, 8B, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[1048] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fa8bcd165a 4 bytes [CD, 8B, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[1048] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa9041177a 4 bytes [41, 90, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[1048] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa90411782 4 bytes [41, 90, FA, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2548] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa9041177a 4 bytes [41, 90, FA, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2548] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa90411782 4 bytes [41, 90, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa8bcd1532 4 bytes [CD, 8B, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa8bcd153a 4 bytes [CD, 8B, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa8bcd165a 4 bytes [CD, 8B, FA, 07]
.text C:\Windows\system32\igfxpers.exe[4872] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa9041177a 4 bytes [41, 90, FA, 07]
.text C:\Windows\system32\igfxpers.exe[4872] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa90411782 4 bytes [41, 90, FA, 07]
.text C:\Windows\system32\wbem\WmiApSrv.exe[2824] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa9041177a 4 bytes [41, 90, FA, 07]
.text C:\Windows\system32\wbem\WmiApSrv.exe[2824] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa90411782 4 bytes [41, 90, FA, 07]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [596:612] fffff96000a255e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
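Triage note on the "User code sections" entries, with an added example that is not part of GMER or of the log itself. GMER reports these lines when the in-memory .text bytes of a loaded module differ from the on-disk image; the first question is whether the differing bytes look like an executable patch (a jmp/call stub) or like data that legitimately changes at load time. Every entry in this log reports exactly 4 bytes, and in every case those 4 bytes equal bytes 2..5 of the little-endian encoding of the entry's own address (for example 000007fa8bcd1532 encodes as 32 15 CD 8B FA 07 00 00, and the reported bytes are CD 8B FA 07). That is the signature of an absolute 64-bit pointer that was relocated when the module loaded at an ASLR-randomised base: bases move in 64 KiB steps, so the low two bytes and the top two zero bytes stay the same and only the middle four differ from disk. The script below parses the entries, groups them by module/export/offset across processes, and applies that check as a labelled heuristic; the entries copied from this log are embedded as sample input together with one constructed line (example.exe / kernel32!CreateFileW, not from the log) showing what an E9 jmp-rel32 inline hook would look like. The heuristic is a triage aid, not proof of absence: a hook that happens to look like a relocated pointer would not be caught, so a suspicious entry is confirmed by dumping the bytes with a debugger and comparing against a clean copy of the DLL.

```python
# Added example (not GMER's code and not part of the original log): parse GMER
# "User code sections" entries and apply one triage heuristic.
# Assumption stated as such: on x64 Windows a reported 4-byte difference that equals
# bytes 2..5 of the little-endian address is what an ASLR-relocated absolute 64-bit
# pointer looks like (module bases move in 64 KiB steps, so only the middle four bytes
# of a pointer change), rather than an executable patch.
import re
from collections import Counter, defaultdict

ENTRY_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<export>\w+)(?:\s*\+\s*(?P<offset>\w+))?\s+"
    r"(?P<address>[0-9a-fA-F]{16})\s+(?P<count>\d+)\s+bytes\s+\[(?P<bytes>[^\]]*)\]\s*$"
)

# Constructed input: the 17 entries from the log above, plus one made-up line
# (example.exe / kernel32!CreateFileW) that shows a classic E9 jmp-rel32 inline hook.
SAMPLE_LOG = r"""
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa8bcd1532 4 bytes [CD, 8B, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa8bcd153a 4 bytes [CD, 8B, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa8bcd165a 4 bytes [CD, 8B, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[1048] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fa8bcd1532 4 bytes [CD, 8B, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[1048] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fa8bcd153a 4 bytes [CD, 8B, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[1048] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fa8bcd165a 4 bytes [CD, 8B, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[1048] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa9041177a 4 bytes [41, 90, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[1048] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa90411782 4 bytes [41, 90, FA, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2548] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa9041177a 4 bytes [41, 90, FA, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2548] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa90411782 4 bytes [41, 90, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa8bcd1532 4 bytes [CD, 8B, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa8bcd153a 4 bytes [CD, 8B, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa8bcd165a 4 bytes [CD, 8B, FA, 07]
.text C:\Windows\system32\igfxpers.exe[4872] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa9041177a 4 bytes [41, 90, FA, 07]
.text C:\Windows\system32\igfxpers.exe[4872] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa90411782 4 bytes [41, 90, FA, 07]
.text C:\Windows\system32\wbem\WmiApSrv.exe[2824] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa9041177a 4 bytes [41, 90, FA, 07]
.text C:\Windows\system32\wbem\WmiApSrv.exe[2824] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa90411782 4 bytes [41, 90, FA, 07]
.text C:\Windows\system32\example.exe[9999] C:\Windows\system32\kernel32.dll!CreateFileW 000007fa90a01000 5 bytes [E9, 11, 22, 33, 44]
"""


def parse_entries(text):
    """Return one dict per '.text ...' entry; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["pid"] = int(d["pid"])
        d["address"] = int(d["address"], 16)
        d["count"] = int(d["count"])
        d["bytes"] = bytes(int(b.strip(), 16) for b in d["bytes"].split(","))
        entries.append(d)
    return entries


def classify(entry):
    """Heuristic verdict for one entry (see the assumption at the top of the file)."""
    b = entry["bytes"]
    addr_le = entry["address"].to_bytes(8, "little")
    if len(b) == 4 and b == addr_le[2:6]:
        return "relocated-pointer"          # middle 4 bytes of a pointer into this module
    if b[:1] in (b"\xe9", b"\xe8"):
        return "jmp/call-rel32"             # classic 5-byte inline hook
    if b[:2] in (b"\xff\x25", b"\x48\xb8"):
        return "absolute-jump-stub"         # jmp [rip+x] / mov rax, imm64 trampolines
    return "unknown"


def group_by_location(entries):
    """Map (module, export, offset) -> sorted process names that share the same diff."""
    groups = defaultdict(set)
    for e in entries:
        key = (e["module"].split("\\")[-1].lower(), e["export"], e["offset"])
        groups[key].add(e["process"].split("\\")[-1])
    return {k: sorted(v) for k, v in groups.items()}


def triage(text):
    entries = parse_entries(text)
    return {
        "entries": len(entries),
        "verdicts": dict(Counter(classify(e) for e in entries)),
        "locations": group_by_location(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["entries"], "entries:", report["verdicts"])
    for (module, export, offset), procs in sorted(report["locations"].items()):
        print(f"{module}!{export} + {offset}: {', '.join(procs)}")
```

The same diff appearing at the same module offset in unrelated processes (here nvxdsync.exe, nvvsvc.exe and RAVCpl64.exe all show MSIMG32.dll!GradientFill + 690) is itself a useful signal: a per-process hook would normally not replicate identically across processes that share nothing but the system DLL, whereas a relocation does.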