GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-07 22:40:09 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 298,09GB Running: uqnt9jj7.exe; Driver: C:\Users\Alicja\AppData\Local\Temp\kwrdypoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\services.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\lsass.exe[616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\winlogon.exe[788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\Explorer.EXE[1528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007570b0c5 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[1408] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007570b0c5 1 byte [62] .text C:\Windows\system32\svchost.exe[1828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[2072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007570b0c5 1 byte [62] .text C:\Windows\System32\hkcmd.exe[2596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[2792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007570b0c5 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2824] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3012] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007570b0c5 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe[3536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007570b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3800] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007570b0c5 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3848] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000756ed03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007570b0c5 1 byte [62] .text C:\Windows\system32\svchost.exe[2772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007718f1fd 1 byte [62] .text C:\Users\Alicja\Desktop\uqnt9jj7.exe[4192] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007570b0c5 1 byte [62] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{014E9F4C-B024-4CB0-BE50-E4080A57C880}@LeaseObtainedTime 1410119433 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{014E9F4C-B024-4CB0-BE50-E4080A57C880}@T1 1410123033 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{014E9F4C-B024-4CB0-BE50-E4080A57C880}@T2 1410125733 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{014E9F4C-B024-4CB0-BE50-E4080A57C880}@LeaseTerminatesTime 1410126633 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----