GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-08 13:32:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119,24GB
Running: hvbgc6p0.exe; Driver: C:\Users\UZYTKO~1\AppData\Local\Temp\uxlcyaoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1688] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007755faa8 5 bytes JMP 00000001726319e8
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1688] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077560038 5 bytes JMP 000000017263209e
.text C:\Windows\SysWOW64\PnkBstrA.exe[1828] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071de1a22 2 bytes [DE, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1828] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071de1ad0 2 bytes [DE, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1828] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071de1b08 2 bytes [DE, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1828] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071de1bba 2 bytes [DE, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1828] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071de1bda 2 bytes [DE, 71]
.text D:\Steam\Steam.exe[2536] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 00000000760b549c 5 bytes JMP 0000000100080800
.text D:\Steam\Steam.exe[2536] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764a34b5 5 bytes JMP 0000000110001bb0
.text D:\Steam\Steam.exe[2536] C:\Windows\syswow64\WS2_32.dll!WSASendTo 00000000764bb30c 5 bytes JMP 0000000110001bf0
.text C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe[2576] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764a34b5 5 bytes JMP 0000000108f61bb0
.text C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe[2576] C:\Windows\syswow64\WS2_32.dll!WSASendTo 00000000764bb30c 5 bytes JMP 0000000108f61bf0
.text C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe[2576] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000769b1465 2 bytes [9B, 76]
.text C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe[2576] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000769b14bb 2 bytes [9B, 76]
.text ... * 2
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769b1465 2 bytes [9B, 76]
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769b14bb 2 bytes [9B, 76]
.text ... * 2
.text C:\Users\uzytkownik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769b1465 2 bytes [9B, 76]
.text C:\Users\uzytkownik\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769b14bb 2 bytes [9B, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769b1465 2 bytes [9B, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769b14bb 2 bytes [9B, 76]
.text ... * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800207cea4] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3300:1292] 000007fefb4a2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3300:4112] 000007fef2014830
Thread C:\Windows\System32\svchost.exe [2668:5412] 000007fef1389688

---- Processes - GMER 2.1 ----

Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2944] (GG drive overlay/GG Network S.A.)(2012-09-26 11:41:17) 000000005c080000
Library C:\Users\UZYTKO~1\AppData\Local\Temp\detectlib2536.dll (*** suspicious ***) @ D:\Steam\Steam.exe [2536](2014-02-08 11:21:10) 0000000010000000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00268339390f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00268339390f (not active ControlSet)

---- EOF - GMER 2.1 ----