GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-26 14:21:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EADS-00M2B0 rev.01.00A01 931,51GB
Running: 8dfk4m15.exe; Driver: C:\Users\Ann\AppData\Local\Temp\pwldrpow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fed000 45 bytes [00, 00, D9, 02, 56, 69, 4D, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fed02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Windows\system32\services.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Windows\Explorer.EXE[1820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[1988] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075daa2fd 1 byte [62]
.text C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe[2488] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075daa2fd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2664] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2fd 1 byte [62]
.text C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe[2968] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075daa2fd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3192] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2fd 1 byte [62]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Users\Ann\Desktop\OTL.exe[3456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2fd 1 byte [62]
.text C:\Users\Ann\Desktop\OTL.exe[3456] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075c11465 2 bytes [C1, 75]
.text C:\Users\Ann\Desktop\OTL.exe[3456] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000075c114bb 2 bytes [C1, 75]
.text ... * 2
.text c:\program files\windows defender\MpCmdRun.exe[3272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b4ef8d 1 byte [62]
.text C:\Users\Ann\Desktop\8dfk4m15.exe[5024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2fd 1 byte [62]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???&?????????????????????i??0\???????????W??to??a1???????????.??????????? 
J??????.???????6????N??&??????????5???{4d36e972-e325-11ce-bfc1-08002be10318}???????????+???????h???.?.?.??m????????????e???????&???-?-?&???????????\??as??????p????&??Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?.????\SystemRoot\system32\drivers\aswRdr2.sys?ys??????????&?????????e?????????&??????????PNP_TDI??????????????&???&???????&???????????????????????????????&?&?&?&?&?&?&?&?&????6??&???C?????n????avast! WFP Redirect driver??????? ?????????????&?????&?,????????\?)???????????????????????????????????V??&?????????+????\SystemRoot\system32\drivers\aswMonFlt.sys?ys???FltMgr???&???????&?????????e????aswMonFlt?????(??&??????????FSFilter Anti-Virus??????????????&???&???????&??????????????????????????t????&?&?&?&?&?&?&?&?&????L????????????n????%SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\evbda.sys????? ---- EOF - GMER 2.1 ----