GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-15 17:59:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0003 298,09GB
Running: 57sw8shl.exe; Driver: C:\Users\xxx\AppData\Local\Temp\fxddqpob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[1292] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073d01a22 2 bytes [D0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1292] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073d01ad0 2 bytes [D0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1292] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073d01b08 2 bytes [D0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1292] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073d01bba 2 bytes [D0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1292] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073d01bda 2 bytes [D0, 73]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075551465 2 bytes [55, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755514bb 2 bytes [55, 75]
.text ... * 2
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075551465 2 bytes [55, 75]
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755514bb 2 bytes [55, 75]
.text ... * 2
.text C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075551465 2 bytes [55, 75]
.text C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755514bb 2 bytes [55, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [2760:2052] 000007feefd69688

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AFDA3748-7E75-47CA-954E-A0F76E2F8D88}\Connection@Name 6TO4 Adapter
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{91D66CCE-A5BB-4365-91B9-002E523E792D}?\Device\{FA51FA25-0F8E-4762-981E-58095A1C55CB}?\Device\{1F97F3AB-045B-4435-9447-583A230D8B33}?\Device\{F44EA78C-CE17-452B-9BFC-EE38C79F3EEA}?\Device\{AFDA3748-7E75-47CA-954E-A0F76E2F8D88}?\Device\{ED0E50CB-94C5-495D-A359-0F766C6DE584}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{91D66CCE-A5BB-4365-91B9-002E523E792D}"?"{FA51FA25-0F8E-4762-981E-58095A1C55CB}"?"{1F97F3AB-045B-4435-9447-583A230D8B33}"?"{F44EA78C-CE17-452B-9BFC-EE38C79F3EEA}"?"{AFDA3748-7E75-47CA-954E-A0F76E2F8D88}"?"{ED0E50CB-94C5-495D-A359-0F766C6DE584}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{91D66CCE-A5BB-4365-91B9-002E523E792D}?\Device\TCPIP6TUNNEL_{FA51FA25-0F8E-4762-981E-58095A1C55CB}?\Device\TCPIP6TUNNEL_{1F97F3AB-045B-4435-9447-583A230D8B33}?\Device\TCPIP6TUNNEL_{F44EA78C-CE17-452B-9BFC-EE38C79F3EEA}?\Device\TCPIP6TUNNEL_{AFDA3748-7E75-47CA-954E-A0F76E2F8D88}?\Device\TCPIP6TUNNEL_{ED0E50CB-94C5-495D-A359-0F766C6DE584}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dbcec5f
Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9ECC0DEF-CA5D-4928-BB59-9D9D3F5A63F8}@NetbiosOptions 2
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 41849
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 18532
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9ECC0DEF-CA5D-4928-BB59-9D9D3F5A63F8}@DhcpIPAddress 31.175.87.220
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9ECC0DEF-CA5D-4928-BB59-9D9D3F5A63F8}@NameServer 89.108.195.20 89.108.202.20
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dbcec5f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources MSDMine?DfSdk

---- Files - GMER 2.1 ----

File C:\Users\xxx\AppData\Local\Apps\2.0\CO4OCYVX.CTE\614T18GL.58T\clic...exe_f84b370c827b5c7a_0001.0003_none_f6c59574ff607543\GoogleUpdateSetup.exe (size mismatch) 606360/1724568 bytes executable

---- EOF - GMER 2.1 ----