GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-27 12:36:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD7500AARX-00N0YB0 rev.51.0AB51 698,64GB
Running: hnx2kcmu.exe; Driver: C:\Users\Jasiek\AppData\Local\Temp\ufldypod.sys

---- User code sections - GMER 2.0 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000731017fa 2 bytes [10, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073101860 2 bytes [10, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073101942 2 bytes [10, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007310194d 2 bytes [10, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076291401 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076291419 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076291431 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007629144a 2 bytes [29, 76]
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762914dd 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762914f5 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007629150d 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076291525 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007629153d 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076291555 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007629156d 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076291585 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007629159d 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762915b5 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762915cd 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762916b2 2 bytes [29, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762916bd 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076291401 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076291419 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076291431 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007629144a 2 bytes [29, 76]
.text ... * 9
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762914dd 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762914f5 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007629150d 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076291525 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007629153d 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076291555 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007629156d 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076291585 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007629159d 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762915b5 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762915cd 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762916b2 2 bytes [29, 76]
.text C:\Kernels\driver\explorer.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762916bd 2 bytes [29, 76]

---- Threads - GMER 2.0 ----

Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1800:3544] 000000007346e2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1800:3632] 000000006b258de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1800:3636] 000000006b258de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1800:3640] 000000006b258de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1800:3644] 000000006b254e00
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:2856] 0000000073c2786a
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:4920] 0000000066bad9b3
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:4932] 0000000066bad9b3
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:5004] 0000000066bad9b3
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:5040] 0000000072f062ee
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:1752] 00000000736132fb
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:2164] 000000006336e7f5
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:2188] 000000006336e7f5
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:4344] 000000006336e7f5
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:4376] 000000006336e7f5
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:2428] 000000006336e7f5
Thread C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052:2524] 000000006336e7f5
Thread C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2168:2656] 0000000072f062ee
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:2804] 000007fef4da0d9c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:2840] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:2664] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:2040] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:2144] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:2832] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:2096] 000007fef4d07470
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:2548] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:1272] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:1280] 000007fef4cf4a18
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:3096] 000007fef52a27a0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:4584] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588:2860] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:2360] 000007fef4da0d9c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:1264] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:1308] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:1128] 000007fef4d07470
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3060] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:1076] 000007fef52a27a0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3116] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3120] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3124] 000007fefbd32a7c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3128] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3132] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3136] 000007fefc616204
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3276] 000007fef4cf4a18
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3300] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3424] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3448] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3476] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3384] 000000006b9dd068
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3484] 000007feebe5cec4
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:1116] 000007feebe5cec4
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:1112] 000007feebe5cec4
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:1376] 000007feebe5cec4
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:1580] 0000000069bfbccc
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:2572] 0000000068a32340
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3848] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3308] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:3788] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:4356] 000007fef4e69ae0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660:5088] 000007fef4e69ae0
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4936] 0000000065466314
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4940] 0000000077573e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4948] 000000006546539b
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4952] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4956] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4960] 0000000072f062ee
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4964] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4968] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4972] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4980] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4984] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4988] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4992] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4996] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:5000] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:5016] 0000000077572e25
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:5024] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:5028] 00000000686a27e1
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:5032] 0000000077577111
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:5096] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4136] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4148] 00000000736132fb
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4204] 0000000077573e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4208] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:1908] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:2692] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4084] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4128] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:2092] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4040] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4544] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4540] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:1652] 0000000077573e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:1160] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4092] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:3876] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4048] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4248] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:3472] 000000006793c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4668:4264] 000000006793c724

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1800] 0000000073280000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe [2052] 0000000075000000
Library ? (*** suspicious ***) @ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2168] 0000000076290000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2588] 000007fef5700000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2660] 000007feff230000

---- Files - GMER 2.0 ----

File C:\Users\Jasiek\AppData\Roaming\Microsoft\Windows\Cookies\SAC8B3HA.txt 353 bytes

---- EOF - GMER 2.0 ----