GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-19 19:13:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEKT-75A25T0 rev.01.01A01 232,89GB
Running: g2jkkscl.exe; Driver: C:\Users\ThinkPad\AppData\Local\Temp\uxlyrkog.sys

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\svchost.exe [596:7140]  00000000011e14cc
Thread  C:\Windows\system32\svchost.exe [596:7448]  00000000011e14cc
Thread  C:\Windows\system32\svchost.exe [596:2132]  00000000011e14cc
Thread  C:\Windows\system32\svchost.exe [596:7080]  00000000011d7378
Thread  C:\Windows\system32\svchost.exe [596:3008]  00000000011d7378
Thread  C:\Windows\system32\svchost.exe [596:1812]  00000000013614cc
Thread  C:\Windows\system32\svchost.exe [596:3268]  00000000013614cc
Thread  C:\Windows\system32\svchost.exe [596:6692]  00000000013614cc
Thread  C:\Windows\system32\svchost.exe [596:3264]  0000000001357378
Thread  C:\Windows\system32\svchost.exe [596:9192]  0000000001357378
Thread  C:\Windows\system32\svchost.exe [596:7628]  00000000012f14cc
Thread  C:\Windows\system32\svchost.exe [596:7616]  00000000012f14cc
Thread  C:\Windows\system32\svchost.exe [596:8300]  00000000012f14cc
Thread  C:\Windows\system32\svchost.exe [596:8532]  00000000012f14cc
Thread  C:\Windows\system32\svchost.exe [596:8368]  00000000012e7378
Thread  C:\Windows\system32\svchost.exe [596:6656]  00000000012e7378

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cc4975a
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cc4975a@c43abe0f16ba  0x86 0x51 0xB8 0x9C ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f3e2d9
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cc4975a (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cc4975a@c43abe0f16ba  0x86 0x51 0xB8 0x9C ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f3e2d9 (not active ControlSet)

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- Files - GMER 2.2 ----

File  C:\Users\ThinkPad\AppData\Local\Firefox\Firefox\Profiles\ydtyqbv7.default-1432145026461\cache2\entries\BDD87FDFBE9F43BD757141E3EEBF633B053FC0FC  4470 bytes
File  C:\Users\ThinkPad\AppData\Local\Firefox\Firefox\Profiles\ydtyqbv7.default-1432145026461\cache2\entries\C2B2B182F5980C7C51262B67E487537D3EADBEC4  4295 bytes
File  C:\Users\ThinkPad\AppData\Local\Firefox\Firefox\Profiles\ydtyqbv7.default-1432145026461\cache2\entries\C973C432ACD2BDC66AA1B1EDCC651D4F666F2EC3  4301 bytes
File  C:\Users\ThinkPad\AppData\Local\Firefox\Firefox\Profiles\ydtyqbv7.default-1432145026461\cache2\entries\F32DA27C6224EADCF4837872E7A81DC12BC91487  4488 bytes

---- EOF - GMER 2.2 ----