GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-07 16:40:27 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: bhcjkfkm.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\awrdrkog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031c0000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031c002f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Windows\system32\services.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Windows\Explorer.EXE[1452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe[1792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000075541a22 2 bytes [54, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000075541ad0 2 bytes [54, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000075541b08 2 bytes [54, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000075541bba 2 bytes [54, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000075541bda 2 bytes [54, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f51465 2 bytes [F5, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f514bb 2 bytes [F5, 75] .text ... * 2 .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[1144] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[1144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f51465 2 bytes [F5, 75] .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[1144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f514bb 2 bytes [F5, 75] .text ... * 2 .text C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe[1536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe[2856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2148] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077abef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[1540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2604] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[1052] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2600] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076388791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe[2136] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] .text C:\Users\Piotr\Desktop\bhcjkfkm.exe[4084] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000763aa2fd 1 byte [62] ---- EOF - GMER 2.1 ----