GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-02 07:42:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EACS-22D6B0 rev.01.01A01 931,51GB
Running: 8uu45f88.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\kwxiikog.sys

---- System - GMER 2.1 ----

Subsystem C:\Windows\system32\consrv.dll suspicious

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80066e22c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa80066e22c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80066e22c0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-5 fffffa80066e22c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa80066e22c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa80066e22c0
Device \Driver\ad1rsavn \Device\Scsi\ad1rsavn1Port4Path0Target0Lun0 fffffa80086e52c0
Device \Driver\ad1rsavn \Device\Scsi\ad1rsavn1 fffffa80086e52c0
Device \FileSystem\Ntfs \Ntfs fffffa80066e62c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\ad1rsavn.SYS fffff88013251000-fffff880132a2000 (331776 bytes)

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [488:540] 00000000001f133c
Thread C:\Windows\system32\svchost.exe [604:3508] 0000000000e01208

---- Processes - GMER 2.1 ----

Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [488] 000007fefd140000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [552] 000007fefd140000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [612] 000007fefd140000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [632] 000007fefd140000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [932] 000007fefd140000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [264] 000007fefd140000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [604] 000007fefd140000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe [1176] 0000000074040000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1380] 000007fefd140000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1680] 000007fefd140000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1772] 000007fefd140000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2532] 000007fefd140000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2616] 0000000074040000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\VDownloader\VDownloader.exe [2796] 000007fefd140000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Origin\Origin.exe [3004] 0000000074040000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [2176] 000007fefd140000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LOLReplay\LOLRecorder.exe [1016] 0000000074040000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Windows\SysWOW64\PnkBstrA.exe [3304] 0000000074040000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4592] 000007fefd140000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [3212] 000007fefd140000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [6796] 0000000074040000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [3412] 0000000074040000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [4580] 0000000074040000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Java\jre7\bin\javaw.exe [6720] 0000000074040000

---- EOF - GMER 2.1 ----