GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-04 13:24:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: 173vf3xu.exe; Driver: C:\Users\R7BIUR~1\AppData\Local\Temp\axldrpog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb5000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582 fffff80002fb5036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]

---- User code sections - GMER 2.1 ----

? C:\Windows\system32\mssprxy.dll [1744] entry point in ".rdata" section 00000000720571e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000773d1465 2 bytes [3D, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773d14bb 2 bytes [3D, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000773d1465 2 bytes [3D, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773d14bb 2 bytes [3D, 77]
.text ... * 2
.text C:\Users\R7 biuro\Desktop\Downloads\OTL.exe[1436] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 00000000773d1465 2 bytes [3D, 77]
.text C:\Users\R7 biuro\Desktop\Downloads\OTL.exe[1436] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000773d14bb 2 bytes [3D, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [460:2792] 0000000075727587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [460:2536] 0000000075067712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [460:2924] 0000000077c72e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [460:912] 0000000077c73e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [460:1924] 0000000077c73e85

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2731

---- EOF - GMER 2.1 ----