GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-14 10:22:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 465,76GB
Running: cqhnng22.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uxlyykob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80001fbe000 45 bytes [84, F9, 02, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80001fbe02f 16 bytes [00, 4B, BA, 02, 00, 00, 00, ...]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\silsvc@ service
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\silsvc@ service
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc@DisplayName @%SystemRoot%\system32\silsvc.exe,-103
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc@ImagePath %SystemRoot%\system32\silsvc.exe
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc@Description @%SystemRoot%\system32\silsvc.exe,-102
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc@DelayedAutostart 0
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc\Security
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\silsvc
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\silsvc@ service
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\silsvc@ service
Reg HKLM\SYSTEM\ControlSet002\services\silsvc@DisplayName @%SystemRoot%\system32\silsvc.exe,-103
Reg HKLM\SYSTEM\ControlSet002\services\silsvc@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\silsvc@ImagePath %SystemRoot%\system32\silsvc.exe
Reg HKLM\SYSTEM\ControlSet002\services\silsvc@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\silsvc@Type 16
Reg HKLM\SYSTEM\ControlSet002\services\silsvc@Description @%SystemRoot%\system32\silsvc.exe,-102
Reg HKLM\SYSTEM\ControlSet002\services\silsvc@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\silsvc@DelayedAutostart 0
Reg HKLM\SYSTEM\ControlSet002\services\silsvc\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\silsvc\Security@Security 0x01 0x00 0x14 0x80 ...

---- EOF - GMER 2.1 ----