GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-22 18:57:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465,76GB
Running: i9p3ziei.exe; Driver: C:\Users\Maciej\AppData\Local\Temp\kgdiakoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\lkads.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073201a22 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lkads.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073201ad0 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lkads.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073201b08 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lkads.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073201bba 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lkads.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073201bda 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lkcitdl.exe[2624] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073201a22 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lkcitdl.exe[2624] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073201ad0 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lkcitdl.exe[2624] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073201b08 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lkcitdl.exe[2624] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073201bba 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lkcitdl.exe[2624] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073201bda 2 bytes [20, 73]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2904] C:\Windows\syswow64\USER32.dll!GetMenu + 412 00000000764551dd 7 bytes JMP 000000011003ac50
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2904] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 000000007645610b 7 bytes JMP 000000011003b000
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2904] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 000000007645c6c1 7 bytes JMP 000000011003abc0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2904] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 000000007649fc98 7 bytes JMP 000000011003af50
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2904] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 000000007649fcd1 7 bytes JMP 000000011003adf0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2904] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 000000007649fcf5 7 bytes JMP 000000011003af00
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
.text C:\Windows\SysWOW64\lktsrv.exe[2272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073201a22 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lktsrv.exe[2272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073201ad0 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lktsrv.exe[2272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073201b08 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lktsrv.exe[2272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073201bba 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lktsrv.exe[2272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073201bda 2 bytes [20, 73]

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [2400:2508] 000007fef2db9688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4796:4992] 000007fefb3c2bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4796:5000] 000007feebd24830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4796:4408] 000007feebca9d90
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4796:3760] 000007feebd24830
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:1004] 000007fee89cc48c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:4224] 000007fee89cb064
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:3420] 000007fee8b77d2c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:3124] 000007fee89cc48c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:3016] 000007fee6f5ba5c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:1188] 000007fee6f5ba5c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:4888] 000007fee6f5ba5c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:5596] 000007fee89cc48c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:2808] 000007fee89cc48c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:2900] 000007fee89cc48c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:2936] 000007fee89cc48c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:4736] 000007fee89cc48c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:4112] 000007fee89cc48c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:4944] 000007fee89cc48c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:2892] 000007fee89cc48c
Thread C:\Program Files\Microsoft Office\Office15\MsoSync.exe [4220:4252] 000007fee89cc48c

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9cf64c6
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 1268
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9cf64c6 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\AMD Radeon™ HD 7550M7650M Driver.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Atheros® AR3012 Bluetooth® Adapter Update.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Atheros® AR9485WB-EG Wireless Network Adapter.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Intel® 7 Series Chipset Family SATA AHCI Controller.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Intel® Chipset Driver.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Intel® HD Graphics Family Driver.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Intel® Management Engine Interface.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Intel® USB 3.0 eXtensible Host Controller.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Realtek® High Definition Audio Driver.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Realtek® PCIE Card Reader Driver.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Realtek® PCIe GBE Family Controller.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Sony® Shared Library.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Synaptics® PS2 Port TouchPad Update.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\VAIO® Smart Network Software.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\WebCam Companion® 4 Software.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Sterowniki Vaio Win7\Wi-Fi Direct™ Support Software.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\ProgramData\National Instruments\Update Service\Installers\NI_20141006_0708\Updates\LabWindows™CVI™ 2013 Run-Time Engine f1 Patch 13.0.647\setup.exe 1

---- EOF - GMER 2.1 ----
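The "User code sections" in this log mix two different things: 7-byte JMP detours written into USER32 exports inside PCCompanion.exe, and 2-byte differences at WSOCK32!setsockopt and PSAPI!GetModuleInformation in the lk*.exe and VESMgrSub.exe processes. In every one of the 2-byte records the two bytes, read little-endian, equal the upper 16 bits of the patched address (for example [20, 73] at 0x73201a22, [F0, 74] at 0x74f01465), which is the shape of a relocated 32-bit absolute pointer rather than of a redirected instruction. The parser below is an added example for triaging such records, not part of the GMER output or of GMER itself; the sample lines are copied from the log above, and the "reloc-like" classification is a heuristic of this example (an assumption, not a GMER rule), so a record it flags still needs a look at the disassembly before it is dismissed.

```python
import re
from collections import Counter, defaultdict

# Sample input, constructed for this example from records in the log above
# (one GMER "User code sections" record per line, plus the ".text ... * 2"
# ellipsis that GMER prints when it collapses repeated entries).
SAMPLE_LOG = r"""
.text C:\Windows\SysWOW64\lkads.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073201a22 2 bytes [20, 73]
.text C:\Windows\SysWOW64\lkads.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073201ad0 2 bytes [20, 73]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2904] C:\Windows\syswow64\USER32.dll!GetMenu + 412 00000000764551dd 7 bytes JMP 000000011003ac50
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text ... * 2
"""

# One user-mode hook record: .text process[pid] module!export + offset address N bytes <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<func>\w+)\s+\+\s+(?P<offset>\d+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{16})\s+(?P<size>\d+)\s+bytes\s+(?P<patch>.+?)\s*$"
)
BYTES_RE = re.compile(r"\[([0-9A-Fa-f]{2}(?:\s*,\s*[0-9A-Fa-f]{2})*)\]")
JMP_RE = re.compile(r"JMP\s+([0-9A-Fa-f]{8,16})")


def parse_patch(text):
    """Decode the patch column: raw bytes now at the address, or the target of a JMP."""
    m = BYTES_RE.fullmatch(text)
    if m:
        return {"kind": "bytes", "bytes": [int(b, 16) for b in m.group(1).split(",")]}
    m = JMP_RE.fullmatch(text)
    if m:
        return {"kind": "jmp", "target": int(m.group(1), 16)}
    return {"kind": "other", "raw": text}


def parse_gmer_hooks(text):
    """Return one dict per '.text' record; GMER's '.text ... * N' ellipsis lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "proc": d["proc"], "pid": int(d["pid"]),
            "module": d["module"], "func": d["func"], "offset": int(d["offset"]),
            "addr": int(d["addr"], 16), "size": int(d["size"]),
            "patch": parse_patch(d["patch"]),
        })
    return entries


def classify(entry):
    """Heuristic triage of one record (assumption of this example, not a GMER rule).

    'inline-jmp'   : a JMP was written into the function body, i.e. a detour; whoever owns
                     the target address decides whether it is hostile.
    'reloc-like'   : a 2-byte change whose little-endian value equals the high 16 bits of
                     the patched address, which is what a relocated 32-bit absolute pointer
                     looks like next to the on-disk image. Weak signal, verify by hand.
    'unknown-patch': anything else; inspect manually.
    """
    p = entry["patch"]
    if p["kind"] == "jmp":
        return "inline-jmp"
    if p["kind"] == "bytes" and len(p["bytes"]) == 2:
        value_le = p["bytes"][0] | (p["bytes"][1] << 8)
        if value_le == (entry["addr"] >> 16) & 0xFFFF:
            return "reloc-like"
    return "unknown-patch"


def summarize(entries):
    """Count classifications per (process path, pid) so the JMP detours stand out."""
    summary = defaultdict(Counter)
    for e in entries:
        summary[(e["proc"], e["pid"])][classify(e)] += 1
    return dict(summary)


if __name__ == "__main__":
    hooks = parse_gmer_hooks(SAMPLE_LOG)
    for (proc, pid), counts in summarize(hooks).items():
        print(f"{proc} [{pid}]: {dict(counts)}")
    for e in hooks:
        if classify(e) == "inline-jmp":
            print(f"  detour: {e['module']}!{e['func']}+{e['offset']} -> {e['patch']['target']:#x}")
```

Run it against a full GMER log by reading the file into `parse_gmer_hooks`; the detours it reports (here only PCCompanion.exe, with targets in the 0x110000000 range) are the records to resolve against the process's loaded-module list, since the JMP target's owning module, not the hooked export, tells you whether the detour belongs to a legitimate UI library or to something injected.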