GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-18 19:57:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: 4sw04ohg.exe; Driver: C:\Users\STRONA~1\AppData\Local\Temp\pxrdypoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077591465 2 bytes [59, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775914bb 2 bytes [59, 77]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077591465 2 bytes [59, 77]
.text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775914bb 2 bytes [59, 77]
.text ... * 2
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2388] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075ba8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077591465 2 bytes [59, 77]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775914bb 2 bytes [59, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077591465 2 bytes [59, 77]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775914bb 2 bytes [59, 77]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[3232] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072551a22 2 bytes [55, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3232] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072551ad0 2 bytes [55, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3232] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072551b08 2 bytes [55, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3232] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072551bba 2 bytes [55, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3232] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072551bda 2 bytes [55, 72]
.text C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe[3312] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000075ba34b1 4 bytes {CALL 0xffffffff8a8acc50}
.text C:\Windows\SysWOW64\RunDll32.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077591465 2 bytes [59, 77]
.text C:\Windows\SysWOW64\RunDll32.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775914bb 2 bytes [59, 77]
.text ... * 2
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077591465 2 bytes [59, 77]
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775914bb 2 bytes [59, 77]
.text ... * 2
.text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077591465 2 bytes [59, 77]
.text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775914bb 2 bytes [59, 77]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3168] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b4c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3168] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b51287 5 bytes JMP 00000001000303fc

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4944:6832] 00000000059ba979

---- Processes - GMER 2.1 ----

Library C:\Users\strona ogolna\AppData\Roaming\moters\supna.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1652](2014-10-07 20:27:50) 000007fef7310000
Library C:\Users\strona ogolna\AppData\Roaming\moters\supna.dll (*** suspicious ***) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [7788](2014-10-07 20:27:50) 000007fef7310000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde68bc62
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde68bc62@ac932f346651 0x78 0x5A 0x54 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde68bc62@8c3ae3c84ac9 0x17 0x17 0x7D 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde68bc62@2054760ffdf3 0x9B 0xEF 0x90 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde68bc62@08fd0e576ddb 0x6D 0xAE 0x34 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde68bc62 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde68bc62@ac932f346651 0x78 0x5A 0x54 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde68bc62@8c3ae3c84ac9 0x17 0x17 0x7D 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde68bc62@2054760ffdf3 0x9B 0xEF 0x90 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde68bc62@08fd0e576ddb 0x6D 0xAE 0x34 0x1F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 1067

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.1 ----

File C:\Users\strona ogolna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q65ZN34F\access[1].dat 2293760 bytes

---- EOF - GMER 2.1 ----