GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-07 22:26:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000075 TOSHIBA_ rev.GT00 298,09GB
Running: sw3y20nh.exe; Driver: C:\Users\Jozek\AppData\Local\Temp\ugddqkow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033ef000 45 bytes [00, 00, 29, 00, 54, 78, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033ef02f 17 bytes [00, 30, 60, 86, 0A, 80, FA, ...]

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5716:1472] 00000000750a7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5716:5584] 00000000627f7712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5716:1960] 0000000077112e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5716:4540] 0000000077113e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5716:6200] 0000000077113e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5716:6024] 0000000077113e85

---- Processes - GMER 2.1 ----

Process C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe (*** suspicious ***) @ C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe [3068] (Softonic/Softonic)(2014-02-18 09:56:04) 0000000001130000
Library C:\Users\Jozek\AppData\Local\Softonic\QtCore4.dll (*** suspicious ***) @ C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe [3068] 0000000067000000
Library C:\Users\Jozek\AppData\Local\Softonic\QtGui4.dll (*** suspicious ***) @ C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe [3068](2 0000000065000000
Library C:\Users\Jozek\AppData\Local\Softonic\CrashRpt1300.dll (*** suspicious ***) @ C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe [3068](2012-06-28 10:09:06) 00000000736a0000
Library C:\Users\Jozek\AppData\Local\Softonic\libcef.dll (*** suspicious ***) @ C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe [3068](2 000000006ef10000
Library C:\Users\Jozek\AppData\Local\Softonic\pl-pl.dll (*** suspicious ***) @ C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe [3068] (Softonic/Softonic)(2013-03-26 15:33:06) 000000006e840000
Library C:\Users\Jozek\AppData\Local\Softonic\imageformats\qgif4.dll (*** suspicious ***) @ C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe [3068](2011-03-18 11:01:08) 0000000010000000
Library C:\Users\Jozek\AppData\Local\Softonic\icudt.dll (*** suspicious ***) @ C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe [3068] (ICU Data DLL/The ICU Project)(2013-10-22 09:28:52) 0000000004900000
Library C:\Users\Jozek\AppData\Local\Softonic\libglesv2.dll (*** suspicious ***) @ C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe [3068](2013-10-22 09:28:52) 0000000065b60000
Library C:\Users\Jozek\AppData\Local\Softonic\libegl.dll (*** suspicious ***) @ C:\Users\Jozek\AppData\Local\Softonic\Softonic.exe [3068](2 0000000065b30000

---- EOF - GMER 2.1 ----