GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-27 21:57:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925031 rev.0008 232,89GB
Running: f1vyue44.exe; Driver: C:\Users\ThinkPad\AppData\Local\Temp\axdyrpod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075911465 2 bytes [91, 75]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759114bb 2 bytes [91, 75]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075911465 2 bytes [91, 75]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759114bb 2 bytes [91, 75]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075911465 2 bytes [91, 75]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759114bb 2 bytes [91, 75]
.text ... * 2
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2864] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075b487b1 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2864] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075911465 2 bytes [91, 75]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2864] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000759114bb 2 bytes [91, 75]
.text ... * 2
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075911465 2 bytes [91, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759114bb 2 bytes [91, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075911465 2 bytes [91, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759114bb 2 bytes [91, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3948] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000070ee11a8 2 bytes [EE, 70]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3948] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000070ee13a8 2 bytes [EE, 70]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3948] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000070ee1422 2 bytes [EE, 70]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3948] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000070ee1498 2 bytes [EE, 70]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3956] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075911465 2 bytes [91, 75]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3956] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000759114bb 2 bytes [91, 75]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075911465 2 bytes [91, 75]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759114bb 2 bytes [91, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [3784:976] 000007fee97f9688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4532:3252] 000007fefc492a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4532:5500] 000007fee9fdd618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4532:6020] 000007fefa065124

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af4d0eb6
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af4d0eb6@000761db8026 0xD3 0x2F 0xF9 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af4d0eb6@143605284179 0x1D 0xF3 0xCE 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af4d0eb6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af4d0eb6@000761db8026 0xD3 0x2F 0xF9 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af4d0eb6@143605284179 0x1D 0xF3 0xCE 0xCA ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----