GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-12 00:02:29 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0003 298,09GB Running: 2iqzul2v.exe; Driver: C:\Users\Tusek\AppData\Local\Temp\fwddykog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1248] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000755787b1 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1248] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075061465 2 bytes [06, 75] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1248] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000750614bb 2 bytes [06, 75] .text ... * 2 .text C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075061465 2 bytes [06, 75] .text C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750614bb 2 bytes [06, 75] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071451a22 2 bytes [45, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071451ad0 2 bytes [45, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071451b08 2 bytes [45, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071451bba 2 bytes [45, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071451bda 2 bytes [45, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075061465 2 bytes [06, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750614bb 2 bytes [06, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075061465 2 bytes [06, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750614bb 2 bytes [06, 75] .text ... * 2 .text C:\Windows\AsScrPro.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075061465 2 bytes [06, 75] .text C:\Windows\AsScrPro.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750614bb 2 bytes [06, 75] .text ... * 2 .text C:\Program Files (x86)\uTorrent\uTorrent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075061465 2 bytes [06, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750614bb 2 bytes [06, 75] .text ... * 2 .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4724] C:\Windows\syswow64\USER32.dll!GetMenu + 412 0000000074b551dd 7 bytes JMP 00000001003abe30 .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4724] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 0000000074b5610b 7 bytes JMP 00000001003abf70 .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4724] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 0000000074b5c6c1 7 bytes JMP 00000001003abf50 .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4724] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 0000000074b9fc98 7 bytes JMP 00000001003abfc0 .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4724] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 0000000074b9fcd1 7 bytes JMP 00000001003ac090 .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4724] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 0000000074b9fcf5 7 bytes JMP 00000001003ac040 .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075061465 2 bytes [06, 75] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750614bb 2 bytes [06, 75] .text ... * 2 .text C:\Users\Tusek\AppData\Roaming\Yontoo\YontooDesktop.exe[5140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075061465 2 bytes [06, 75] .text C:\Users\Tusek\AppData\Roaming\Yontoo\YontooDesktop.exe[5140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750614bb 2 bytes [06, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075061465 2 bytes [06, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750614bb 2 bytes [06, 75] .text ... * 2 ---- Devices - GMER 2.1 ---- Device \Driver\WudfPf \Device\HostProcess-593a2d55-b962-4cca-aa42-196784801397 fffff88009be8910 Device \Driver\WudfPf \Device\WUDFLpcDevice fffff88009be8910 Device \Driver\WudfPf \Device\HostProcess-d0bc705c-ce5a-4bfd-a12c-1290560f75bc fffff88009be8910 Device \Driver\WUDFRd \Device\UMDFCtrlDev-2478eb7c-8a99-11e2-8c4f-742f68c69fa4 fffff880088053f4 Device \Driver\WudfPf \Device\HostProcess-41a2d57b-4d0a-4483-9389-a89349e51a83 fffff88009be8910 Device \Driver\WudfPf \Device\HostProcess-9f4dcde2-fdd2-4f1e-807d-ff795b92cfd2 fffff88009be8910 Device \Driver\WudfPf \Device\ProcessManagement fffff88009be8910 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{74BAD063-680B-4425-AC99-C0C80F6BCB53}\Connection@Name Reusable ISATAP Interface {74BAD063-680B-4425-AC99-C0C80F6BCB53} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{FB781144-B8B4-4D15-A995-0B6BED7A7FF4}\Connection@Name Reusable Microsoft 6To4 Adapter Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{86FEB63E-2E1E-4FDC-B6DD-F10680C9831E}?\Device\{3D4CC2BF-4AA4-440F-B723-F1968B9C23DF}?\Device\{00A627A1-6858-4325-ADFB-B2297620BD32}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{86FEB63E-2E1E-4FDC-B6DD-F10680C9831E}"?"{3D4CC2BF-4AA4-440F-B723-F1968B9C23DF}"?"{00A627A1-6858-4325-ADFB-B2297620BD32}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{86FEB63E-2E1E-4FDC-B6DD-F10680C9831E}?\Device\TCPIP6TUNNEL_{3D4CC2BF-4AA4-440F-B723-F1968B9C23DF}?\Device\TCPIP6TUNNEL_{00A627A1-6858-4325-ADFB-B2297620BD32}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68c69fa4 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\6To4\{FB781144-B8B4-4D15-A995-0B6BED7A7FF4}@InterfaceName Reusable Microsoft 6To4 Adapter Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\6To4\{FB781144-B8B4-4D15-A995-0B6BED7A7FF4}@ReusableType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{74BAD063-680B-4425-AC99-C0C80F6BCB53}@InterfaceName Reusable ISATAP Interface {74BAD063-680B-4425-AC99-C0C80F6BCB53} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{74BAD063-680B-4425-AC99-C0C80F6BCB53}@ReusableType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@ClientLocalPort 61424 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@TeredoAddress 2001:0:5ef5:79fb:4a1:100f:e050:2bc9 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 5621 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2479 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{543C270E-403F-489B-A4AF-A8E125A67F78}@DhcpIPAddress 31.175.212.54 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{543C270E-403F-489B-A4AF-A8E125A67F78}@NameServer 89.108.195.20 89.108.202.20 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68c69fa4 (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\Windows\Temp\httD5C5.tmp 0 bytes ---- EOF - GMER 2.1 ----