GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-19 16:34:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000068 ST2000DM rev.CC4B 1863,02GB
Running: new7euj3.exe; Driver: C:\Users\Pawel\AppData\Local\Temp\pgloapow.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Pakiet Bezpieczenstwa UPC\apps\CCF_Reputation\fsorsp.exe[2192]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074f11465 2 bytes [F1, 74]
.text   C:\Program Files (x86)\Pakiet Bezpieczenstwa UPC\apps\CCF_Reputation\fsorsp.exe[2192]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000074f114bb 2 bytes [F1, 74]
.text   ...   * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2652]   C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322   0000000070ba1a22 2 bytes [BA, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2652]   C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496   0000000070ba1ad0 2 bytes [BA, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2652]   C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552   0000000070ba1b08 2 bytes [BA, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2652]   C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730   0000000070ba1bba 2 bytes [BA, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2652]   C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762   0000000070ba1bda 2 bytes [BA, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2652]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074f11465 2 bytes [F1, 74]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2652]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000074f114bb 2 bytes [F1, 74]
.text   ...   * 2
.text   D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3168]   C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69   0000000074f11465 2 bytes [F1, 74]
.text   D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3168]   C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155   0000000074f114bb 2 bytes [F1, 74]
.text   ...   * 2

---- Processes - GMER 2.1 ----

Process   C:\Users\Pawel\AppData\Roaming\HTThread\hb.exe (*** suspicious ***) @ C:\Users\Pawel\AppData\Roaming\HTThread\hb.exe [2244](2014-10-07 15   0000000000400000
Library   C:\Users\Pawel\AppData\Roaming\HTThread\sub\default.dll (*** suspicious ***) @ C:\Users\Pawel\AppData\Roaming\HTThread\hb.exe [2244](2014-10-07 15:14:45)   0000000001f00000

---- Registry - GMER 2.1 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015831861ee
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015831861ee (not active ControlSet)

---- Files - GMER 2.1 ----

File   C:\ProgramData\Microsoft\Windows Defender\Scans\FailTelemetry   0 bytes
File   C:\ProgramData\Microsoft\Windows Defender\Scans\FailTelemetry\6CDDD4C1D1F2D44E85872B211A9754D8   0 bytes
File   C:\Users\Pawel\AppData\Local\Temp\~DFE141D0EB373AA29F.TMP   0 bytes

---- EOF - GMER 2.1 ----