GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-08 09:21:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD155UI rev.1AQ10001 1397,26GB
Running: ge94i7x0.exe; Driver: C:\Users\Tadek\AppData\Local\Temp\kwddykog.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2720]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000074b32aa4 3 bytes JMP 00000000733e7d1d
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2720]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 4  0000000074b32aa8 1 byte [FE]
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2720]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000074b32d0a 3 bytes JMP 00000000733e7d87
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2720]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary + 4  0000000074b32d0e 1 byte [FE]
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2720]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075591465 2 bytes [59, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2720]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755914bb 2 bytes [59, 75]
.text  ...  * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2748]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000074241a22 2 bytes [24, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2748]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  0000000074241ad0 2 bytes [24, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2748]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  0000000074241b08 2 bytes [24, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2748]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  0000000074241bba 2 bytes [24, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2748]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  0000000074241bda 2 bytes [24, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2748]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075591465 2 bytes [59, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2748]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755914bb 2 bytes [59, 75]
.text  ...  * 2

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015830a2b14
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015830a2b14@002403be6de4  0x8C 0x6D 0x8C 0xCB ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015830a2b14 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015830a2b14@002403be6de4  0x8C 0x6D 0x8C 0xCB ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71739B86-81B5-CD8B-4EB9-4BA8AD00420F}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71739B86-81B5-CD8B-4EB9-4BA8AD00420F}@oajkkecgjikpggbmeigdkkpbkmpigj  0x69 0x61 0x65 0x6E ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71739B86-81B5-CD8B-4EB9-4BA8AD00420F}@padkehajkeeehihlcijknbopnlgijhao  0x69 0x61 0x65 0x6E ...

---- EOF - GMER 2.2 ----