GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-14 22:22:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB
Running: r7w15d57.exe; Driver: C:\Users\Monika\AppData\Local\Temp\uwlorfod.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1728] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000075fb8791 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1728] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000076211465 2 bytes [21, 76]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1728] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000762114bb 2 bytes [21, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076211465 2 bytes [21, 76]
.text   C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000762114bb 2 bytes [21, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076211465 2 bytes [21, 76]
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000762114bb 2 bytes [21, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076211465 2 bytes [21, 76]
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000762114bb 2 bytes [21, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076211465 2 bytes [21, 76]
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000762114bb 2 bytes [21, 76]
.text   ...   * 2

---- Threads - GMER 2.1 ----

Thread   [4312:4828]   0000000077d52e65
Thread   [4312:2968]   0000000077d53e85
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [3692:5848]   000007fefba32a7c
Thread   C:\Windows\System32\svchost.exe [5436:5920]   000007feddc59688

---- Registry - GMER 2.1 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{65D51462-2588-4E2E-92EC-8C85F0584BB2}\Connection@Name   isatap.{6130FA61-BE68-4C27-B93A-41C9A974CB0E}
Reg   HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind   \Device\{33FF9532-11C7-488C-BFE4-18627370B771}?\Device\{65D51462-2588-4E2E-92EC-8C85F0584BB2}?\Device\{0087F1C7-98C7-461E-AA42-ADD2E30E5792}?\Device\{D36E4AEF-E1A5-4D73-A2B7-CE5CFC9A72C2}?\Device\{EC31DEEC-EACC-41A4-8499-483ABBB3DC9C}?
Reg   HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route   "{33FF9532-11C7-488C-BFE4-18627370B771}"?"{65D51462-2588-4E2E-92EC-8C85F0584BB2}"?"{0087F1C7-98C7-461E-AA42-ADD2E30E5792}"?"{D36E4AEF-E1A5-4D73-A2B7-CE5CFC9A72C2}"?"{EC31DEEC-EACC-41A4-8499-483ABBB3DC9C}"?
Reg   HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{33FF9532-11C7-488C-BFE4-18627370B771}?\Device\TCPIP6TUNNEL_{65D51462-2588-4E2E-92EC-8C85F0584BB2}?\Device\TCPIP6TUNNEL_{0087F1C7-98C7-461E-AA42-ADD2E30E5792}?\Device\TCPIP6TUNNEL_{D36E4AEF-E1A5-4D73-A2B7-CE5CFC9A72C2}?\Device\TCPIP6TUNNEL_{EC31DEEC-EACC-41A4-8499-483ABBB3DC9C}?
Reg   HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{65D51462-2588-4E2E-92EC-8C85F0584BB2}@InterfaceName   isatap.{6130FA61-BE68-4C27-B93A-41C9A974CB0E}
Reg   HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{65D51462-2588-4E2E-92EC-8C85F0584BB2}@ReusableType   0

---- EOF - GMER 2.1 ----
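The "User code sections" entries above are the part of a GMER log that needs interpretation: each line names a process, the exported function whose code was modified, the address of the write and the bytes now found there. The parser below is an added example, not part of GMER or of the scan above. It reads those lines (the sample embedded in it is copied from the log; the regex and the small opcode table are this example's own assumptions about the format), decodes the patch where the bytes form a recognisable stub, and groups identical patches across processes so the same write at the same address in several 32-bit processes is listed once. A 4-byte write starting `C2 04 00` decodes to `ret 4`, which for a stdcall function with one DWORD argument such as SetUnhandledExceptionFilter means the call returns immediately without doing anything; the 2-byte `[21, 76]` writes are not a complete instruction on their own and are reported as unknown rather than guessed at.

```python
"""Parse the 'User code sections' of a GMER 2.1 log and decode patch bytes.

Added example, not GMER's code. The line format, the opcode table and the
sample below (copied from the scan above) are this example's assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Representative lines copied from the log above (one elided marker kept).
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1728] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000075fb8791 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1728] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000076211465 2 bytes [21, 76]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1728] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000762114bb 2 bytes [21, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076211465 2 bytes [21, 76]
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076211465 2 bytes [21, 76]
"""

# image[pid]  module!symbol[ + offset]  address  N bytes [xx, xx, ...]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<symbol>\S+)(?: \+ (?P<offset>\d+))?\s+"
    r"(?P<address>[0-9a-fA-F]{8,16})\s+(?P<size>\d+) bytes \[(?P<bytes>[^\]]*)\]\s*$"
)
# GMER collapses further identical entries into ".text ... * N".
ELIDED_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s*(\d+)\s*$")


@dataclass(frozen=True)
class Hook:
    image: str
    pid: int
    module: str
    symbol: str
    offset: int
    address: int
    patch: bytes

    @property
    def target(self) -> str:
        # Module basename lower-cased: the log shows psapi.dll and PSAPI.DLL
        # for the same file depending on how each process loaded it.
        name = self.module.rsplit("\\", 1)[-1].lower() + "!" + self.symbol
        return f"{name}+{self.offset}" if self.offset else name


def parse_hooks(text: str):
    """Return (list of Hook, number of entries GMER elided with '* N')."""
    hooks, elided = [], 0
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            raw = [b.strip() for b in m["bytes"].split(",") if b.strip()]
            hooks.append(Hook(
                image=m["image"].strip(), pid=int(m["pid"]),
                module=m["module"], symbol=m["symbol"],
                offset=int(m["offset"] or 0), address=int(m["address"], 16),
                patch=bytes(int(b, 16) for b in raw),
            ))
            continue
        e = ELIDED_RE.match(line)
        if e:
            elided += int(e.group(1))
    return hooks, elided


def decode_patch(patch: bytes, address: int = 0) -> str:
    """Name the first x86 instruction for the stub shapes GMER usually shows.

    Only complete, unambiguous encodings are decoded; anything else (such as
    the 2-byte torso [21, 76] above) is reported as 'unknown', not guessed.
    """
    if not patch:
        return "empty"
    op = patch[0]
    if op == 0xC3:
        return "ret"
    if op == 0xC2 and len(patch) >= 3:             # ret imm16
        return f"ret 0x{int.from_bytes(patch[1:3], 'little'):x}"
    if op in (0xE9, 0xE8) and len(patch) >= 5:     # jmp/call rel32
        rel = int.from_bytes(patch[1:5], "little", signed=True)
        dest = (address + 5 + rel) & (0xFFFFFFFF if address < 2**32 else 2**64 - 1)
        return f"{'jmp' if op == 0xE9 else 'call'} 0x{dest:x}"
    if op == 0xEB and len(patch) >= 2:             # jmp rel8
        rel = int.from_bytes(patch[1:2], "little", signed=True)
        return f"jmp 0x{address + 2 + rel:x}"
    if op == 0xCC:
        return "int3"
    return "unknown"


def hooked_targets(hooks):
    """Group hooks by (target, address, patch hex) -> sorted image basenames.

    One entry per distinct write lets you see at a glance whether a patch is
    specific to one process or present in every 32-bit process on the box.
    """
    groups = defaultdict(set)
    for h in hooks:
        groups[(h.target, h.address, h.patch.hex())].add(h.image.rsplit("\\", 1)[-1])
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    found, skipped = parse_hooks(SAMPLE_LOG)
    for (target, addr, hexbytes), images in hooked_targets(found).items():
        print(f"{target:45} {addr:016x} [{hexbytes}] {decode_patch(bytes.fromhex(hexbytes), addr):10} {', '.join(images)}")
    print(f"{skipped} entries elided by GMER")
```

Run it as-is against the embedded sample, or feed a whole saved GMER log to `parse_hooks`; the grouping is what to look at first when triaging, since a write that appears in every WoW64 process at the same address is a different kind of finding from one that appears in a single process. The decoder deliberately stops at a handful of exact encodings: the point of decoding is to turn `[C2, 04, 00, 00]` into the statement "this function now returns at once", not to disassemble arbitrary bytes.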