GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-25 14:05:26
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0001SDM1 298,09GB
Running: 5iudx3lz.exe; Driver: C:\Users\Pistan\AppData\Local\Temp\uxdiykob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073c91a22 2 bytes [C9, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073c91ad0 2 bytes [C9, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073c91b08 2 bytes [C9, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073c91bba 2 bytes [C9, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073c91bda 2 bytes [C9, 73]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75]
.text ... * 2

---- Processes - GMER 2.1 ----

Process C:\Users\Pistan\AppData\Local\Temp\RtkBtMnt.exe (*** suspicious ***) @ C:\Users\Pistan\AppData\Local\Temp\RtkBtMnt.exe [2620] (Realtek HD Audio Data Rerouter/Realtek Semiconductor Corp.)(2013-06-17 06:38:22) 0000000140000000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eb11fec
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eb11fec@28987bec1b07 0x65 0x41 0xCC 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eb11fec@2222b4c6ebfc 0x2D 0x3A 0x69 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\74-ea-3a-c9-7c-9c@ClientLocalPort 63308
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\74-ea-3a-c9-7c-9c@TeredoAddress 2001:0:5ef5:79fd:3c4d:707d:a723:76b1
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 94610
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 49074
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xDB 0x96 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eb11fec (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eb11fec@28987bec1b07 0x65 0x41 0xCC 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eb11fec@2222b4c6ebfc 0x2D 0x3A 0x69 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xDB 0x96 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

---- Files - GMER 2.1 ----

File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\NCW\performance.db-journal 1161832 bytes

---- EOF - GMER 2.1 ----