GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-20 18:23:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2565GSXN rev.GH101M 232,89GB
Running: 05. gmer - NIE DOTYKAC.exe; Driver: C:\Users\szary\AppData\Local\Temp\fgddqkob.sys

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\lsass.exe [688:716]   000007fefc90ed90
Thread  C:\Windows\System32\svchost.exe [956:1060]   000007fefb58f2f4
Thread  C:\Windows\System32\svchost.exe [956:1080]   000007fefb506204
Thread  C:\Windows\System32\svchost.exe [956:1188]   000007fefa522070
Thread  C:\Windows\System32\svchost.exe [956:1196]   000007fefa425428
Thread  C:\Windows\System32\svchost.exe [956:5172]   000007fef63f5fd0
Thread  C:\Windows\System32\svchost.exe [956:5232]   000007fefe3ac608
Thread  C:\Windows\System32\svchost.exe [956:5560]   000007feeca16b8c
Thread  C:\Windows\System32\svchost.exe [956:760]   000007feeca11d88
Thread  C:\Windows\System32\svchost.exe [956:5168]   000007fefa46a828
Thread  C:\Windows\System32\svchost.exe [108:1280]   000007fef9e559a0
Thread  C:\Windows\System32\svchost.exe [108:1504]   000007fefc621a70
Thread  C:\Windows\System32\svchost.exe [108:5448]   000007feeec244e0
Thread  C:\Windows\System32\svchost.exe [108:5840]   000007fef1243efc
Thread  C:\Windows\System32\svchost.exe [108:5888]   000007fef1288a4c
Thread  C:\Windows\System32\svchost.exe [108:1420]   000007fefab288f8
Thread  C:\Windows\system32\svchost.exe [464:4020]   000007feed2b0ea8
Thread  C:\Windows\system32\svchost.exe [464:4032]   000007feed2a9db0
Thread  C:\Windows\system32\svchost.exe [464:4052]   000007feed2aaa10
Thread  C:\Windows\system32\svchost.exe [464:2188]   000007feed2b1c94
Thread  C:\Windows\system32\svchost.exe [464:5176]   000007fef14cd3c8
Thread  C:\Windows\system32\svchost.exe [464:5180]   000007fef14cd3c8
Thread  C:\Windows\system32\svchost.exe [464:5184]   000007fef14cd3c8
Thread  C:\Windows\system32\svchost.exe [464:5188]   000007fef14cd3c8
Thread  C:\Windows\system32\svchost.exe [748:1424]   000007fef9a41e00
Thread  C:\Windows\system32\svchost.exe [748:1436]   000007fef98e1a50
Thread  C:\Windows\system32\svchost.exe [748:3352]   000007fefc621a70
Thread  C:\Windows\system32\svchost.exe [748:3876]   000007fefc621a70
Thread  C:\Windows\system32\svchost.exe [748:4284]   000007fef7d3506c
Thread  C:\Windows\system32\svchost.exe [748:4288]   000007fef86e1c20
Thread  C:\Windows\system32\svchost.exe [748:4948]   000007fef86e1c20
Thread  C:\Windows\system32\svchost.exe [748:5196]   000007fef4411ab0
Thread  C:\Windows\system32\svchost.exe [1096:1208]   000007fefa648274
Thread  C:\Windows\system32\svchost.exe [1096:1668]   000007fefa648274
Thread  C:\Windows\system32\svchost.exe [1180:1236]   000007fefa3e341c
Thread  C:\Windows\system32\svchost.exe [1180:1244]   000007fefa2bbd88
Thread  C:\Windows\system32\svchost.exe [1180:1256]   000007fefa3e3a2c
Thread  C:\Windows\system32\svchost.exe [1180:1260]   000007fefa3e5c20
Thread  C:\Windows\system32\svchost.exe [1180:1264]   000007fefa3e3768
Thread  C:\Windows\system32\svchost.exe [1180:2476]   000007fef8a05170
Thread  C:\Windows\system32\svchost.exe [1180:5532]   000007fefa135124
Thread  C:\Windows\system32\svchost.exe [1180:5540]   000007fefa3e3900
Thread  C:\Windows\system32\svchost.exe [1316:1524]   000007fefc621a70
Thread  C:\Windows\system32\svchost.exe [1316:1532]   000007fefc621a70
Thread  C:\Windows\system32\svchost.exe [1316:1544]   000007fefc621a70
Thread  C:\Windows\system32\svchost.exe [1316:1552]   000007fef96d2c70
Thread  C:\Windows\system32\svchost.exe [1316:1564]   000007fef96dfb40
Thread  C:\Windows\system32\svchost.exe [1316:1576]   000007fef96f1d20
Thread  C:\Windows\system32\svchost.exe [1316:1580]   000007fef96df6f0
Thread  C:\Windows\system32\svchost.exe [1316:2416]   000007fef84e35c0
Thread  C:\Windows\system32\svchost.exe [1316:844]   000007fef84e5600
Thread  C:\Windows\system32\svchost.exe [1316:4244]   000007feec7b2888
Thread  C:\Windows\system32\svchost.exe [1316:4260]   000007feec6c2940
Thread  C:\Windows\system32\svchost.exe [1316:3732]   000007feec7b2a40
Thread  C:\Windows\system32\WLANExt.exe [1344:1400]   000000018000b674
Thread  C:\Windows\system32\WLANExt.exe [1344:1404]   000000018000b690
Thread  C:\Windows\system32\WLANExt.exe [1344:1408]   000000018000b658
Thread  C:\Windows\system32\WLANExt.exe [1344:1412]   0000000180022170
Thread  C:\Windows\system32\WLANExt.exe [1344:1416]   000007fef99f2f9c
Thread  C:\Windows\System32\spoolsv.exe [1456:2372]   000007fef68910c8
Thread  C:\Windows\System32\spoolsv.exe [1456:2376]   000007fef6856144
Thread  C:\Windows\System32\spoolsv.exe [1456:2380]   000007fef63f5fd0
Thread  C:\Windows\System32\spoolsv.exe [1456:2384]   000007fef6833438
Thread  C:\Windows\System32\spoolsv.exe [1456:2388]   000007fef63f63ec
Thread  C:\Windows\System32\spoolsv.exe [1456:2396]   000007fef8cd5e5c
Thread  C:\Windows\System32\spoolsv.exe [1456:2400]   000007fef8d85074
Thread  C:\Windows\system32\taskhost.exe [1660:1712]   000007fef95b1f38
Thread  C:\Windows\system32\taskhost.exe [1660:1792]   000007fef8eb2740
Thread  C:\Windows\system32\taskhost.exe [1660:1172]   000007fefaa71010
Thread  C:\Windows\system32\taskhost.exe [1660:5828]   000007fef8a05170
Thread  C:\Windows\Explorer.EXE [1748:3712]   000007fefa792154
Thread  C:\Windows\Explorer.EXE [1748:3716]   000007fef7e32118
Thread  C:\Windows\Explorer.EXE [1748:4568]   000007fef99f2f9c
Thread  C:\Windows\Explorer.EXE [1748:4596]   000007fef8653824
Thread  C:\Windows\Explorer.EXE [1748:5972]   000007fefaa71010
Thread  C:\Windows\Explorer.EXE [1748:5656]   000007fef764a3f8
Thread  C:\Windows\Explorer.EXE [1748:168]   000007fef99f2f9c
Thread  C:\Windows\Explorer.EXE [1748:1840]   000007fef99f2f9c
Thread  C:\Windows\Explorer.EXE [1748:4348]   000007fee91bf5bc
Thread  C:\Windows\system32\svchost.exe [2104:5524]   000007fef1058470
Thread  C:\Windows\system32\svchost.exe [2104:5528]   000007fef1062418
Thread  C:\Windows\system32\svchost.exe [2104:5772]   000007feefd1f130
Thread  C:\Windows\system32\svchost.exe [2104:5808]   000007feefd14734
Thread  C:\Windows\system32\svchost.exe [2104:3160]   000007feefd14734
Thread  C:\Windows\System32\svchost.exe [5244:5460]   000007fef8a05170
Thread  C:\Windows\System32\svchost.exe [5244:868]   000007fefa139874
Thread  [1480:2884]   0000000077053e85
Thread  [1480:648]   0000000077052e65
Thread  C:\Windows\System32\svchost.exe [1824:5052]   000007fee9429688

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{C64527B3-0742-4BB5-A215-C7F0F8FF2CBA}\Connection@Name   isatap.{20FCC2EC-EEA4-4719-9D82-6F04A4B34D5F}
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind   \Device\{5501F78A-6B08-4637-A9BC-D7B07BBAE187}?\Device\{45A807D2-EA0D-4F4A-81E5-64FF62EFE18C}?\Device\{C64527B3-0742-4BB5-A215-C7F0F8FF2CBA}?\Device\{9C6D0519-8E0C-47F4-8141-1567B4C82ABA}?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route   "{5501F78A-6B08-4637-A9BC-D7B07BBAE187}"?"{45A807D2-EA0D-4F4A-81E5-64FF62EFE18C}"?"{C64527B3-0742-4BB5-A215-C7F0F8FF2CBA}"?"{9C6D0519-8E0C-47F4-8141-1567B4C82ABA}"?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{5501F78A-6B08-4637-A9BC-D7B07BBAE187}?\Device\TCPIP6TUNNEL_{45A807D2-EA0D-4F4A-81E5-64FF62EFE18C}?\Device\TCPIP6TUNNEL_{C64527B3-0742-4BB5-A215-C7F0F8FF2CBA}?\Device\TCPIP6TUNNEL_{9C6D0519-8E0C-47F4-8141-1567B4C82ABA}?
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C64527B3-0742-4BB5-A215-C7F0F8FF2CBA}@InterfaceName   isatap.{20FCC2EC-EEA4-4719-9D82-6F04A4B34D5F}
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C64527B3-0742-4BB5-A215-C7F0F8FF2CBA}@ReusableType   0

---- Files - GMER 2.1 ----

File  C:\Users\szary\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013f   0 bytes
File  C:\Users\szary\AppData\Local\Google\Chrome\User Data\Default\File System\001\p\Paths\000032.log   0 bytes
File  C:\Users\szary\AppData\Local\Google\Chrome\User Data\Default\File System\001\p\Paths\MANIFEST-000031   0 bytes
File  C:\Users\szary\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000346.log   0 bytes
File  C:\Users\szary\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000345   0 bytes

---- EOF - GMER 2.1 ----
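The report above is raw GMER 2.1 output, which is tedious to read by eye once the thread list runs to dozens of entries. As an added example (written for this page, not GMER's own code or anything from the original poster), the Python below parses the three record types in the report (Thread, Reg, File) into structured data and pulls out the two things an analyst usually checks first: threads that GMER lists without an image path (the `[1480:...]` entries above) and the zero-byte files. The sample input is a short excerpt of the log above; the helper names and the choice of what to flag are this example's assumptions, and a flagged entry is a starting point for correlation with a process list, not a verdict on the machine.

```python
import re
from collections import defaultdict

# Record formats as they appear in GMER 2.1 text reports.
# Thread lines carry an optional image path, "[pid:tid]" and a 16-digit hex start address.
THREAD_RE = re.compile(
    r"^Thread\s+(?:(?P<image>\S.*?)\s+)?\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-fA-F]{16})$"
)
# Reg lines are "<key>@<value name>   <data>"; data may be absent.
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+?)@(?P<value>\S+)(?:\s+(?P<data>.*))?$")
# File lines are "<path>   <size> bytes"; the path may contain spaces.
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes$")
SECTION_RE = re.compile(r"^---- (?P<name>\w+) - GMER [\d.]+ ----$")

# Constructed sample: an excerpt of the report on this page (not the whole log).
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-20 18:23:14

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\lsass.exe [688:716]   000007fefc90ed90
Thread  C:\Windows\System32\svchost.exe [5244:868]   000007fefa139874
Thread  [1480:2884]   0000000077053e85
Thread  [1480:648]   0000000077052e65
Thread  C:\Windows\System32\svchost.exe [1824:5052]   000007fee9429688

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C64527B3-0742-4BB5-A215-C7F0F8FF2CBA}@ReusableType   0

---- Files - GMER 2.1 ----

File  C:\Users\szary\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013f   0 bytes

---- EOF - GMER 2.1 ----
"""


def parse_gmer_log(text):
    """Split a GMER report into header lines and typed records per section."""
    records = {"header": [], "Threads": [], "Registry": [], "Files": [], "unparsed": []}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")  # "Threads", "Registry", "Files", "EOF"
            continue
        if section == "header":
            records["header"].append(line)
        elif section == "Threads" and (m := THREAD_RE.match(line)):
            records["Threads"].append({
                "image": m.group("image"),          # None when GMER printed no path
                "pid": int(m.group("pid")),
                "tid": int(m.group("tid")),
                "start": int(m.group("addr"), 16),  # thread start address as an int
            })
        elif section == "Registry" and (m := REG_RE.match(line)):
            records["Registry"].append(m.groupdict())
        elif section == "Files" and (m := FILE_RE.match(line)):
            records["Files"].append({"path": m.group("path"), "size": int(m.group("size"))})
        elif section != "EOF":
            records["unparsed"].append(line)  # keep anything the regexes missed for review
    return records


def unattributed_threads(records):
    """Threads GMER could not tie to an image path; correlate the pid with a process list."""
    return [t for t in records["Threads"] if t["image"] is None]


def threads_per_process(records):
    """Count listed threads per (pid, image) so busy hosts like svchost stand out."""
    counts = defaultdict(int)
    for t in records["Threads"]:
        counts[(t["pid"], t["image"])] += 1
    return dict(counts)


def zero_byte_files(records):
    """Paths GMER reported with a size of 0 bytes."""
    return [f["path"] for f in records["Files"] if f["size"] == 0]


if __name__ == "__main__":
    rec = parse_gmer_log(SAMPLE_LOG)
    for t in unattributed_threads(rec):
        print(f"no image path: pid={t['pid']} tid={t['tid']} start={t['start']:#018x}")
    for (pid, image), n in sorted(threads_per_process(rec).items()):
        print(f"pid {pid} ({image or '<none>'}): {n} thread(s)")
    print("zero-byte files:", zero_byte_files(rec))
```

To run it against the full report, read the saved GMER text file and pass its contents to `parse_gmer_log` in place of `SAMPLE_LOG`; the `unparsed` list shows any line the three patterns did not recognise, which is the first thing to check when a report comes from a different GMER version.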