GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-07 19:16:25 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.D005DEM1 465,76GB Running: wq5pcd51.exe; Driver: C:\Users\Rostov\AppData\Local\Temp\kfrdypob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe[2488] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075c61465 2 bytes [C6, 75] .text C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe[2488] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075c614bb 2 bytes [C6, 75] .text ... * 2 .text C:\Program Files (x86)\PopTrayU\PopTrayU.exe[2644] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c61465 2 bytes [C6, 75] .text C:\Program Files (x86)\PopTrayU\PopTrayU.exe[2644] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c614bb 2 bytes [C6, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread [3940:3956] 00000000713d3cbb Thread [3940:3964] 00000000773c3e45 Thread [3940:3968] 00000000715f2f3f Thread [3940:3972] 000000007347c724 Thread [3940:3976] 000000007347c724 Thread [3940:3980] 00000000737e62ee Thread [3940:3984] 000000007347c724 Thread [3940:3988] 000000007347c724 Thread [3940:3992] 000000007347c724 Thread [3940:4000] 000000007347c724 Thread [3940:4004] 000000007347c724 Thread [3940:4008] 000000007347c724 Thread [3940:4048] 000000007347c724 Thread [3940:4052] 00000000773c2e25 Thread [3940:4060] 000000007347c724 Thread [3940:4064] 000000007347c724 Thread [3940:4068] 000000007347c724 Thread [3940:4072] 00000000728427e1 Thread [3940:4076] 00000000773c7111 Thread [3940:4080] 000000007347c724 Thread [3940:4084] 000000007347c724 Thread [3940:4088] 000000007347c724 Thread [3940:3260] 000000007347c724 Thread [3940:3352] 000000007347c724 Thread [3940:3400] 000000007347c724 Thread [3940:2860] 000000007347c724 Thread [3940:3304] 000000007347c724 Thread [3940:3380] 00000000773c3e45 Thread [3940:2352] 000000007347c724 Thread [3940:2880] 000000007347c724 Thread [3940:3576] 000000007347c724 Thread [3940:3552] 00000000773c3e45 Thread [3940:3788] 000000007347c724 Thread [3940:2696] 000000007347c724 Thread [3940:1032] 0000000072aa27c1 Thread [3940:3076] 000000007347c724 Thread [3940:2080] 000000007347c724 Thread [3940:3220] 000000007347c724 Thread [3940:672] 00000000773c3e45 Thread [3940:1424] 000000007347c724 Thread [3940:1616] 000000007347c724 Thread [3940:2228] 000000007347c724 Thread [3940:2012] 000000007347c724 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{6F2468E9-71CD-4362-A2D7-4BCBB641269F}\Connection@Name isatap.{1C8CA965-180F-4FD0-8557-4C7AF53EC70D} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{698AD925-318A-4545-9B1D-B24B6B521E6E}?\Device\{3CE7C7BB-586F-42FF-A970-972E4CC9D447}?\Device\{6F2468E9-71CD-4362-A2D7-4BCBB641269F}?\Device\{9FE56F47-B175-4A3D-A07A-F70827D3D732}?\Device\{6813A5B3-8A50-445D-8645-0DB9D8CFC93D}?\Device\{9A9FE111-A0C9-43CF-B973-EDCDC64C3553}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{698AD925-318A-4545-9B1D-B24B6B521E6E}"?"{3CE7C7BB-586F-42FF-A970-972E4CC9D447}"?"{6F2468E9-71CD-4362-A2D7-4BCBB641269F}"?"{9FE56F47-B175-4A3D-A07A-F70827D3D732}"?"{6813A5B3-8A50-445D-8645-0DB9D8CFC93D}"?"{9A9FE111-A0C9-43CF-B973-EDCDC64C3553}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{698AD925-318A-4545-9B1D-B24B6B521E6E}?\Device\TCPIP6TUNNEL_{3CE7C7BB-586F-42FF-A970-972E4CC9D447}?\Device\TCPIP6TUNNEL_{6F2468E9-71CD-4362-A2D7-4BCBB641269F}?\Device\TCPIP6TUNNEL_{9FE56F47-B175-4A3D-A07A-F70827D3D732}?\Device\TCPIP6TUNNEL_{6813A5B3-8A50-445D-8645-0DB9D8CFC93D}?\Device\TCPIP6TUNNEL_{9A9FE111-A0C9-43CF-B973-EDCDC64C3553}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6427370fcc96 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d054a8 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6F2468E9-71CD-4362-A2D7-4BCBB641269F}@InterfaceName isatap.{1C8CA965-180F-4FD0-8557-4C7AF53EC70D} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6F2468E9-71CD-4362-A2D7-4BCBB641269F}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 5538 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6427370fcc96 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d054a8 (not active ControlSet) ---- EOF - GMER 2.1 ----