GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-02 18:56:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006b WDC_WD50 rev.01.0 465,76GB
Running: oq81uekh.exe; Driver: C:\Users\Zombol\AppData\Local\Temp\pxldapod.sys

---- User code sections - GMER 2.1 ----

.text D:\Programy\ESET\ESET Smart Security\x86\ekrn.exe[1524] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000778d8769 4 bytes [C2, 04, 00, 00]
.text D:\Programy\ESET\ESET Smart Security\x86\ekrn.exe[1524] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075951465 2 bytes [95, 75]
.text D:\Programy\ESET\ESET Smart Security\x86\ekrn.exe[1524] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000759514bb 2 bytes [95, 75]
.text ... * 2
.text D:\Programy\uTorrent\uTorrent.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075951465 2 bytes [95, 75]
.text D:\Programy\uTorrent\uTorrent.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759514bb 2 bytes [95, 75]
.text ... * 2
.text C:\Users\Zombol\Desktop\OTL.exe[2148] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075951465 2 bytes [95, 75]
.text C:\Users\Zombol\Desktop\OTL.exe[2148] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000759514bb 2 bytes [95, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2628:1972] 00000000762f7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2628:1428] 00000000687d0cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2628:3296] 0000000077e22e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2628:4060] 000000007678d864
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2628:3728] 0000000077e23e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2628:3824] 0000000077e23e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2628:4472] 0000000077e23e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2036:2244] 0000000077e22e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2036:388] 0000000077e23e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2036:2472] 0000000077e23e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2036:2420] 000000007678d864
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2036:4908] 0000000063486a5f
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2036:784] 0000000063500601

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06deac44e
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 322
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 615
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06deac44e (not active ControlSet)

---- EOF - GMER 2.1 ----