GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-02 21:25:27 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZRX-00A8LB0 rev.01.01A01 931,51GB Running: irh5lhwz.exe; Driver: C:\Users\PAFE~1\AppData\Local\Temp\kwddrkog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\services.exe[744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\Explorer.EXE[1712] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[1540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2320] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2344] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2396] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000075321a22 2 bytes [32, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2396] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000075321ad0 2 bytes [32, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2396] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000075321b08 2 bytes [32, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2396] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000075321bba 2 bytes [32, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2396] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000075321bda 2 bytes [32, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f61465 2 bytes [F6, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f614bb 2 bytes [F6, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[2476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[2796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2940] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f61465 2 bytes [F6, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f614bb 2 bytes [F6, 76] .text ... * 2 .text C:\Program Files (x86)\Clownfish\Clownfish.exe[3260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3568] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\SysWOW64\DllHost.exe[3696] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe[3208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3476] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Windows\system32\svchost.exe[5060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[4276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007776eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5696] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5688] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] .text C:\Users\Pafeł\Downloads\irh5lhwz.exe[3100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007707a30a 1 byte [62] ---- Files - GMER 2.1 ---- File C:\Users\Pafeł\AppData\Local\Temp\tmp7E5.tmp 0 bytes ---- EOF - GMER 2.1 ----