GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-26 09:13:24
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542520K9SA00 rev.BBDOC33P 186,31GB
Running: e8ex0jqh.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[976] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000762e1a9e 4 bytes [C2, 04, 00, 00]

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- Threads - GMER 2.1 ----

Thread System [4:436] fffffa8004feeb70
Thread C:\Windows\System32\svchost.exe [332:1412] 000007fefb9f2d14
Thread C:\Windows\System32\svchost.exe [332:2512] 000007fefb9f9ab4
Thread C:\Windows\system32\svchost.exe [1168:1464] 000007fefbd1c534
Thread C:\Windows\system32\svchost.exe [1168:1784] 000007fefbd1c534
Thread C:\Windows\System32\spoolsv.exe [1740:2332] 000007fef9b113dc
Thread C:\Windows\System32\spoolsv.exe [1740:2336] 000007fef9b112ac
Thread C:\Windows\System32\spoolsv.exe [1740:2368] 000007fef8901c00
Thread C:\Windows\System32\spoolsv.exe [1740:2384] 000007fef88238a0
Thread C:\Windows\System32\spoolsv.exe [1740:2392] 000007fef88bbd78
Thread C:\Windows\System32\spoolsv.exe [1740:2396] 000007fef88bc4f8
Thread C:\Windows\System32\spoolsv.exe [1740:2400] 000007fef88c6844
Thread C:\Windows\System32\spoolsv.exe [1740:2432] 000007fef97ca704
Thread C:\Windows\Explorer.EXE [1840:3008] 000007fefced2148
Thread C:\Windows\Explorer.EXE [1840:3024] 000007fef7cc1604
Thread C:\Windows\Explorer.EXE [1840:3052] 000007fef7277478
Thread C:\Windows\Explorer.EXE [1840:2240] 000007fefc7e3ee0
Thread C:\Windows\Explorer.EXE [1840:2268] 000007fef7735ce8
Thread C:\Windows\Explorer.EXE [1840:2740] 000007fef7734460
Thread C:\Windows\Explorer.EXE [1840:1800] 000007fef88bbd78
Thread C:\Windows\Explorer.EXE [1840:2876] 000007fefaa16124
Thread C:\Windows\system32\WLANExt.exe [1848:1892] 000000018000ccf8
Thread C:\Windows\system32\WLANExt.exe [1848:1896] 000000018000cd14
Thread C:\Windows\system32\WLANExt.exe [1848:1900] 000000018000ccdc
Thread C:\Windows\system32\WLANExt.exe [1848:1904] 0000000180023bf0
Thread C:\Windows\system32\WLANExt.exe [1848:1908] 000007fefaa16124
Thread C:\Windows\system32\svchost.exe [1256:1348] 000007fef9b44b64
Thread C:\Windows\system32\svchost.exe [2128:2288] 000007fef88bbd78
Thread C:\Windows\system32\svchost.exe [2128:2364] 000007fef88bc4f8
Thread C:\Windows\system32\svchost.exe [2128:2372] 000007fef88c6844
Thread C:\Windows\System32\svchost.exe [2196:2244] 000007fef90e6cbc
Thread C:\Windows\system32\SearchIndexer.exe [2220:732] 000007fef7e239f0
Thread C:\Windows\system32\taskeng.exe [2528:1612] 000007fef75da26c
Thread C:\Windows\system32\taskeng.exe [2528:2536] 000007fef75d36d0
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2832:2896] 000007fefc57b8ec
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2832:2136] 000007fefaa16124

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015830f8a62
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{43e9b7d5-84f0-4114-8264-1eb0595d133b}@Dhcpv6State 0
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015830f8a62 (not active ControlSet)

---- EOF - GMER 2.1 ----