GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-17 13:02:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a OCZ-VECT rev.2.0_ 119,24GB
Running: iqi3svcm.exe; Driver: D:\TEMP\pxdoqpow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\PnkBstrA.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    00000000771c1465 2 bytes [1C, 77]
.text    C:\Windows\system32\PnkBstrA.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000771c14bb 2 bytes [1C, 77]
.text    ...                                                                                                * 2
?        C:\Windows\system32\mssprxy.dll [3432] entry point in ".rdata" section 00000000736571e6

---- Processes - GMER 2.1 ----

Library  C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL (*** suspicious ***) @ C:\Windows\system32\rundll32.exe [1940](2014-09-12 00:43:19)                  000007fef6ed0000
Library  c:\progra~3\perfor~1\perfor~1.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2016](2014-09-12 00:43:17)                  0000000071900000
Library  c:\progra~3\perfor~1\PerformanceOptimizerSvc.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2016](2014-09-12 00:43:19)   0000000071880000
Library  C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL (*** suspicious ***) @ C:\Windows\system32\RunDll32.exe [3092](2014-09-12 00:43:19)                  000007fef6ed0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9A1C83A3-A5B4-43FD-B6F3-8C7372B96630}\Connection@Name   isatap.{8B8FD79B-9069-4655-BF87-6837E396F285}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind      \Device\{4B74FD1E-BA72-4B85-9B31-EE1094DC5A34}?\Device\{CABEDAF0-1509-4DE4-BEDC-B4F99DB633E5}?\Device\{9A1C83A3-A5B4-43FD-B6F3-8C7372B96630}?\Device\{EE1352F3-7F07-44E4-8ACA-2C79E5032D0A}?\Device\{1E7A1550-E7EC-43A5-9788-2BA58C78DA4C}?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route     "{4B74FD1E-BA72-4B85-9B31-EE1094DC5A34}"?"{CABEDAF0-1509-4DE4-BEDC-B4F99DB633E5}"?"{9A1C83A3-A5B4-43FD-B6F3-8C7372B96630}"?"{EE1352F3-7F07-44E4-8ACA-2C79E5032D0A}"?"{1E7A1550-E7EC-43A5-9788-2BA58C78DA4C}"?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export    \Device\TCPIP6TUNNEL_{4B74FD1E-BA72-4B85-9B31-EE1094DC5A34}?\Device\TCPIP6TUNNEL_{CABEDAF0-1509-4DE4-BEDC-B4F99DB633E5}?\Device\TCPIP6TUNNEL_{9A1C83A3-A5B4-43FD-B6F3-8C7372B96630}?\Device\TCPIP6TUNNEL_{EE1352F3-7F07-44E4-8ACA-2C79E5032D0A}?\Device\TCPIP6TUNNEL_{1E7A1550-E7EC-43A5-9788-2BA58C78DA4C}?
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{9A1C83A3-A5B4-43FD-B6F3-8C7372B96630}@InterfaceName   isatap.{8B8FD79B-9069-4655-BF87-6837E396F285}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{9A1C83A3-A5B4-43FD-B6F3-8C7372B96630}@ReusableType    0
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch   4666
Reg      HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer   192.168.1.1

---- Files - GMER 2.1 ----

File     C:\Users\DOKUMENTY\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00017d   30544 bytes
File     C:\Users\DOKUMENTY\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\000816.log   0 bytes
File     C:\Users\DOKUMENTY\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\MANIFEST-000815   78 bytes

---- EOF - GMER 2.1 ----