GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-20 19:52:35
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000030 ST1000LM024_HN-M101MBB rev.2AR20002 931.51GB
Running: 4edd5veo.exe; Driver: C:\Users\Basia\AppData\Local\Temp\kwddrpow.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                               fffff9600022fa00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17                                                          fffff9600022fa11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                    00007fff7c293e10 7 bytes JMP 0000800079c70260
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                           00007fff7c293e20 7 bytes JMP 0000800079c70298
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                             00007fff7c3439b0 7 bytes JMP 0000800079c70340
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                            00007fff7c343ef0 7 bytes JMP 0000800079c702d0
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                             00007fff7c343fe0 7 bytes JMP 0000800079c70308
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                    00007fff7c3706c0 7 bytes JMP 0000800079c701f0
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                      00007fff7c370730 7 bytes JMP 0000800079c70228
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                              00007fff79cd21d0 5 bytes JMP 0000800079c70180
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                         00007fff79cd29d0 7 bytes JMP 0000800079c700d8
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                       00007fff79cd4310 5 bytes JMP 0000800079c70110
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                           00007fff79cd8d80 5 bytes JMP 0000800079c70148
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW                     00007fff79d4f0b0 5 bytes JMP 0000800079c701b8
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                              00007fff7c7a6d90 1 byte JMP 0000800079c70420
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2                          00007fff7c7a6d92 8 bytes {JMP 0xfffffffffd4c9690}
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                          00007fff7c7b74a0 5 bytes JMP 0000800079c703e8
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                   00007fff7c7b7560 9 bytes JMP 0000800079c70378
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW                     00007fff7c7b7730 5 bytes JMP 0000800079c70458
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                          00007fff7c7c6b10 5 bytes JMP 0000800079c703b0
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                      00007fff7a0e1500 1 byte JMP 0000800079c70490
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                  00007fff7a0e1502 1 byte [EF]
.text   ...                                                                                                           * 2
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                        00007fff7a0e1750 3 bytes JMP 0000800079c704c8
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                    00007fff7a0e1754 4 bytes [FF, CC, CC, CC]
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory                              00007fff77a77750 5 bytes JMP 0000800077a600d8
.text   C:\WINDOWS\system32\dwm.exe[1004] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1                             00007fff77a78ee0 5 bytes JMP 0000800077a60110
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5456] C:\WINDOWS\system32\SHELL32.dll!SHParseDisplayName  00007fff7a44c6e0 5 bytes JMP 000080003c7a04d8

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [680:704]                                                                       fffff960009572d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                         unknown MBR code

---- EOF - GMER 2.1 ----