GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-29 19:55:47 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 465,76GB Running: gamber.exe; Driver: C:\Users\Gulek\AppData\Local\Temp\kwddqkog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035bc000 45 bytes [00, 00, 10, 02, 4E, 74, 66, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035bc02f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Users\Gulek\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75] .text C:\Users\Gulek\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75] .text ... * 2 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [3316:4164] 000007fef0e39688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [968:2748] 000007fefb7c2a7c ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{1101832D-608C-44FD-A9C3-58A04030454A}\Connection@Name isatap.{47E8143D-CBD6-4496-B34F-178E4D312D68} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{D48191B9-BCC2-4219-A81B-514F3E086489}?\Device\{1101832D-608C-44FD-A9C3-58A04030454A}?\Device\{080F89C2-31F9-41FF-95DE-A43F759A83CA}?\Device\{D94B76AC-6E85-4353-A527-3A786C05FE02}?\Device\{B1321287-288E-46DA-9856-0BB4F63EDC7F}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{D48191B9-BCC2-4219-A81B-514F3E086489}"?"{1101832D-608C-44FD-A9C3-58A04030454A}"?"{080F89C2-31F9-41FF-95DE-A43F759A83CA}"?"{D94B76AC-6E85-4353-A527-3A786C05FE02}"?"{B1321287-288E-46DA-9856-0BB4F63EDC7F}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{D48191B9-BCC2-4219-A81B-514F3E086489}?\Device\TCPIP6TUNNEL_{1101832D-608C-44FD-A9C3-58A04030454A}?\Device\TCPIP6TUNNEL_{080F89C2-31F9-41FF-95DE-A43F759A83CA}?\Device\TCPIP6TUNNEL_{D94B76AC-6E85-4353-A527-3A786C05FE02}?\Device\TCPIP6TUNNEL_{B1321287-288E-46DA-9856-0BB4F63EDC7F}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dfd047f Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dfd047f@3017c8165833 0x9D 0x80 0xCD 0x7F ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dfd047f@943af04a9c7f 0xD8 0x1C 0x06 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dfd047f@001a75b505a4 0x17 0xC6 0xD4 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1101832D-608C-44FD-A9C3-58A04030454A}@InterfaceName isatap.{47E8143D-CBD6-4496-B34F-178E4D312D68} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1101832D-608C-44FD-A9C3-58A04030454A}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 16860 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 4467 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x9D 0x62 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0xC1 0xEE 0xCE ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB4 0xE6 0x11 0xBD ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dfd047f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dfd047f@3017c8165833 0x9D 0x80 0xCD 0x7F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dfd047f@943af04a9c7f 0xD8 0x1C 0x06 0xB2 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dfd047f@001a75b505a4 0x17 0xC6 0xD4 0x97 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x9D 0x62 0xA4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0xC1 0xEE 0xCE ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB4 0xE6 0x11 0xBD ... ---- Files - GMER 2.1 ---- File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSE8093.log 1048576 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSE8094.log 1048576 bytes ---- EOF - GMER 2.1 ----