GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-23 22:00:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502HJ rev.1AJ100E4 465,76GB
Running: nnvisup2.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pwndykoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725ef8d 1 byte [62]
.text C:\Windows\system32\services.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725ef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725ef8d 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[408] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725ef8d 1 byte [62]
.text C:\Windows\Explorer.EXE[1456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725ef8d 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756da2fd 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756da2fd 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1644] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076cc1465 2 bytes [CC, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1644] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076cc14bb 2 bytes [CC, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2380] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000756da2fd 1 byte [62]
.text C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe[2436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756da2fd 1 byte [62]
.text C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cc1465 2 bytes [CC, 76]
.text C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cc14bb 2 bytes [CC, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2468] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756da2fd 1 byte [62]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756da2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2596] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756da2fd 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756da2fd 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756da2fd 1 byte [62]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4404] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[4768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725ef8d 1 byte [62]
.text C:\Users\Mateusz\Downloads\nnvisup2.exe[3932] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756da2fd 1 byte [62]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDB 0x47 0x3F 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9C 0x40 0x48 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDB 0x47 0x3F 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9C 0x40 0x48 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

---- EOF - GMER 2.1 ----