GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-21 21:18:26 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003c WDC_WD10JPVX-22JC3T0 rev.01.01A01 931,51GB Running: v3c0yun4.exe; Driver: C:\Users\Grzegorz\AppData\Local\Temp\kwdiqpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd4673e10 7 bytes JMP 00007ffed38e0260 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd4673e20 7 bytes JMP 00007ffed38e0298 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd47239b0 7 bytes JMP 00007ffed38e0340 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4723ef0 7 bytes JMP 00007ffed38e02d0 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4723fe0 7 bytes JMP 00007ffed38e0308 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd47506c0 7 bytes JMP 00007ffed38e01f0 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd4750730 7 bytes JMP 00007ffed38e0228 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd39421d0 5 bytes JMP 00007ffed38e0180 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd39429d0 7 bytes JMP 00007ffed38e00d8 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3944310 5 bytes JMP 00007ffed38e0110 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3948d80 5 bytes JMP 00007ffed38e0148 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd39bf0b0 5 bytes JMP 00007ffed38e01b8 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd4306d90 1 byte JMP 00007ffed38e0420 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffdd4306d92 8 bytes {JMP 0xffffffffff5d9690} .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd43174a0 5 bytes JMP 00007ffed38e03e8 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd4317560 9 bytes JMP 00007ffed38e0378 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd4317730 5 bytes JMP 00007ffed38e0458 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd4326b10 5 bytes JMP 00007ffed38e03b0 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd41a1500 1 byte JMP 00007ffed38e0490 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd41a1502 6 bytes {JMP 0xffffffffff73ef90} .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd41a1750 8 bytes JMP 00007ffed38e04c8 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 00007ffdd1277750 5 bytes JMP 00007ffed10f00d8 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 00007ffdd1278ee0 5 bytes JMP 00007ffed10f0110 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00007ffdd4673e10 7 bytes JMP 00007ffed38e0260 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00007ffdd4673e20 7 bytes JMP 00007ffed38e0298 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00007ffdd47239b0 7 bytes JMP 00007ffed38e0340 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00007ffdd4723ef0 7 bytes JMP 00007ffed38e02d0 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00007ffdd4723fe0 7 bytes JMP 00007ffed38e0308 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00007ffdd47506c0 7 bytes JMP 00007ffed38e01f0 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00007ffdd4750730 7 bytes JMP 00007ffed38e0228 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd39421d0 5 bytes JMP 00007ffed38e0180 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd39429d0 7 bytes JMP 00007ffed38e00d8 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3944310 5 bytes JMP 00007ffed38e0110 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3948d80 5 bytes JMP 00007ffed38e0148 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd39bf0b0 5 bytes JMP 00007ffed38e01b8 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd4306d90 1 byte JMP 00007ffed38e0420 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffdd4306d92 8 bytes {JMP 0xffffffffff5d9690} .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd43174a0 5 bytes JMP 00007ffed38e03e8 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd4317560 9 bytes JMP 00007ffed38e0378 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd4317730 5 bytes JMP 00007ffed38e0458 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd4326b10 5 bytes JMP 00007ffed38e03b0 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd41a1500 1 byte JMP 00007ffed38e0490 .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd41a1502 6 bytes {JMP 0xffffffffff73ef90} .text C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe[3260] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd41a1750 8 bytes JMP 00007ffed38e04c8 ---- Devices - GMER 2.1 ---- Device \Driver\WINIO \Device\WinIo fffff800ef159100 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [612:2668] fffff960009002d0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----