GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-17 23:01:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: lz7fkuil.exe; Driver: C:\Users\UZYTKO~1\AppData\Local\Temp\pxrdypoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1916] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1252] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2196] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[2328] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\Users\Uzytkownik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2216] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Users\Uzytkownik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Users\Uzytkownik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[1040] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3112] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3144] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3152] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe[3688] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3000] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2
.text C:\Users\Uzytkownik\Desktop\lz7fkuil.exe[1644] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074d7cfca 5 bytes JMP 0000000172954bb0
.text C:\Users\Uzytkownik\Desktop\lz7fkuil.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d21465 2 bytes [D2, 74]
.text C:\Users\Uzytkownik\Desktop\lz7fkuil.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d214bb 2 bytes [D2, 74]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3796:3864] 000007fefb0a2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3796:1452] 000007feea49d618

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde698830
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde698830 (not active ControlSet)

---- EOF - GMER 2.1 ----