GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-02-07 19:00:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB Running: kt5u0jfb.exe; Driver: C:\Users\Patryk\AppData\Local\Temp\ffdiapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000763a8781 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075b31555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 763cb21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 763cb346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 76448fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 763a489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 764488c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 764487ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 76448b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075b31555 2 bytes JMP 763c68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 76449089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 76448bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 7644877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 76448f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2244] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 76448713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2272] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077902ab1 5 bytes JMP 00000001009a36f6 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 763cb21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 763cb346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 76448fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 763a489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 764488c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 76448aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 764487ba C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 76448b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 763bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 763c68ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 76449089 C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 76448bea C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 7644877e C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 763bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 763cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 76448f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\Patryk\Desktop\kt5u0jfb.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 76448713 C:\Windows\syswow64\kernel32.dll ---- EOF - GMER 2.1 ----