GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-05 18:30:57
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320JI rev.2SS00_01 298,09GB
Running: 8jz3hkou.exe; Driver: C:\Users\Git\AppData\Local\Temp\pwlorkob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\services.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[1300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\ProgramData\WPM\wprotectmanager.exe[1572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2ba 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[1884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[2900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[3008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Users\Git\AppData\Local\FluxSoftware\Flux\flux.exe[3088] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2ba 1 byte [62]
.text C:\Users\Git\AppData\Local\FluxSoftware\Flux\flux.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
.text C:\Users\Git\AppData\Local\FluxSoftware\Flux\flux.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
.text ... * 2
.text C:\Windows\system32\SearchIndexer.exe[3112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text D:\Programy_64\Avast\AvastUI.exe[3680] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2ba 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3288] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2ba 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
.text ... * 2
.text C:\Windows\notepad.exe[1132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\notepad.exe[4812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[4612] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\notepad.exe[2428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Windows\system32\notepad.exe[2660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4eecd 1 byte [62]
.text C:\Users\Git\Downloads\8jz3hkou.exe[4760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2ba 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3200:4620] 000007fefae32a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3200:4632] 000007feeef9d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3200:4748] 000007fef81d5124

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cd05b5e
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1D78F0A6-93A6-4099-B4EC-16C587D2021D}@InterfaceName isatap.{262D52E0-2817-4492-88D9-7BD038592655}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1D78F0A6-93A6-4099-B4EC-16C587D2021D}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 3925
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cd05b5e (not active ControlSet)

---- EOF - GMER 2.1 ----