GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-06 14:07:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: dw2m9n8s.exe; Driver: C:\Users\EWA\AppData\Local\Temp\pxlirkog.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    00000000757c1465 2 bytes [7C, 75]
.text   C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000757c14bb 2 bytes [7C, 75]
.text   ...   * 2

---- Processes - GMER 2.1 ----

Process   C:\ProgramData\DatacardService\HWDeviceService64.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\HWDeviceService64.exe [1952](2010-11-16 13:38:16)   000000013f9f0000
Process   C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2172] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2010-11-16 13:37:30)   0000000000400000
Process   C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe (*** suspicious ***) @ C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe [2272](2012-06-23 12:32:51)   0000000000400000
Library   C:\ProgramData\Multimedia mobilNET\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe [2272](2012-06-23 12:32:51)   000000006fbc0000
Library   C:\ProgramData\Multimedia mobilNET\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe [2272](2012-06-23 12:32:51)   000000006e940000
Library   C:\ProgramData\Multimedia mobilNET\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe [2272](2012-06-23 12:32:51)   000000006a1c0000
Library   C:\ProgramData\Multimedia mobilNET\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe [2272](2012-06-23 12:32:51)   000000006ff00000

---- Registry - GMER 2.1 ----

Reg   HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\9439e5c3ab58 (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\9439e5c3ab58@20d6075f690c   0x33 0x2C 0x93 0xF5 ...
Reg   HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\ccaf78d4af20 (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0   0
Reg   HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew   0xF7 0x3C 0x7C 0x70 ...
Reg   HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0   C:\Program Files (x86)\DAEMON Tools Lite\
Reg   HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0   0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0   1
Reg   HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12   0xE5 0x35 0xF5 0x8B ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5c3ab58
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5c3ab58@20d6075f690c   0x33 0x2C 0x93 0xF5 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78d4af20
Reg   HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\9439e5c3ab58 (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\9439e5c3ab58@20d6075f690c   0x33 0x2C 0x93 0xF5 ...
Reg   HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\ccaf78d4af20 (not active ControlSet)

---- EOF - GMER 2.1 ----