GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-26 21:58:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: 9000gf9m.exe; Driver: C:\Users\Monika\AppData\Local\Temp\uwdyiuod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760c1401 2 bytes JMP 7658b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760c1419 2 bytes JMP 7658b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760c1431 2 bytes JMP 76608ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760c144a 2 bytes CALL 765648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760c14dd 2 bytes JMP 766087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760c14f5 2 bytes JMP 76608978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760c150d 2 bytes JMP 76608698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760c1525 2 bytes JMP 76608a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760c153d 2 bytes JMP 7657fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760c1555 2 bytes JMP 765868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760c156d 2 bytes JMP 76608f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760c1585 2 bytes JMP 76608ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760c159d 2 bytes JMP 7660865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760c15b5 2 bytes JMP 7657fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760c15cd 2 bytes JMP 7658b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760c16b2 2 bytes JMP 76608e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\D-Link\D-Link USB Modem\D-LinkMonitor.exe[568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760c16bd 2 bytes JMP 766085f1 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\013505231de4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\013505231de4@001fcd31478c 0x69 0x1B 0x10 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\013505231de4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\013505231de4@001fcd31478c 0x69 0x1B 0x10 0x48 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\013505231de4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\013505231de4@001fcd31478c 0x69 0x1B 0x10 0x48 ...

---- EOF - GMER 2.1 ----