GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-21 13:16:29
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e HGST_HTS541075A9E680 rev.JA2OA590 698,64GB
Running: gmer.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\awldypod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000247700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000247710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...]

---- User code sections - GMER 2.1 ----

? C:\Windows\SYSTEM32\BsHelpCSps.dll [1472] entry point in ".data" section 0000000000cf5055
.text C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe[3064] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1d3f169a 4 bytes [3F, 1D, FF, 7F]
.text C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe[3064] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff1d3f16a2 4 bytes [3F, 1D, FF, 7F]
.text C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe[3064] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1d3f181a 4 bytes [3F, 1D, FF, 7F]
.text C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe[3064] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff1d3f1832 4 bytes [3F, 1D, FF, 7F]
.text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\system32\WSOCK32.dll!setsockopt + 194 00007fff145f1f6a 4 bytes [5F, 14, FF, 7F]
.text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\system32\WSOCK32.dll!setsockopt + 218 00007fff145f1f82 4 bytes [5F, 14, FF, 7F]
? C:\Windows\SYSTEM32\BsHelpCSps.dll [5180] entry point in ".data" section 0000000003455055
? C:\Windows\SYSTEM32\BlueSoleilCSps.dll [5180] entry point in ".rdata" section 00000000041b4085
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5000] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007fff1d3f169a 4 bytes [3F, 1D, FF, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5000] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007fff1d3f16a2 4 bytes [3F, 1D, FF, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5000] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007fff1d3f181a 4 bytes [3F, 1D, FF, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5000] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007fff1d3f1832 4 bytes [3F, 1D, FF, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[816] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fff145f1f6a 4 bytes [5F, 14, FF, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[816] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fff145f1f82 4 bytes [5F, 14, FF, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [536:548] fffff9600099b4d0
Thread C:\WINDOWS\Explorer.EXE [2820:6876] 00007ffefd97d6bc

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----