GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-24 11:15:23
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b Hitachi_HTS547575A9E384 rev.JE4OA50A 698,64GB
Running: 2ld3brjz.exe; Driver: C:\Users\Michał\AppData\Local\Temp\uxtoifod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff8016c46741c 1 byte [31]

---- User code sections - GMER 2.1 ----

.text C:\windows\system32\atiesrxx.exe[964] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff77a8177a 4 bytes [A8, 77, FF, 07]
.text C:\windows\system32\atiesrxx.exe[964] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff77a81782 4 bytes [A8, 77, FF, 07]
.text C:\windows\system32\atieclxx.exe[1036] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff77a8177a 4 bytes [A8, 77, FF, 07]
.text C:\windows\system32\atieclxx.exe[1036] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff77a81782 4 bytes [A8, 77, FF, 07]
.text C:\windows\system32\atieclxx.exe[1036] C:\windows\system32\WSOCK32.dll!recvfrom + 742 000007ff72d71b32 4 bytes [D7, 72, FF, 07]
.text C:\windows\system32\atieclxx.exe[1036] C:\windows\system32\WSOCK32.dll!recvfrom + 750 000007ff72d71b3a 4 bytes [D7, 72, FF, 07]
.text C:\windows\System32\spoolsv.exe[1456] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff77a8177a 4 bytes [A8, 77, FF, 07]
.text C:\windows\System32\spoolsv.exe[1456] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff77a81782 4 bytes [A8, 77, FF, 07]
.text C:\windows\Explorer.EXE[2980] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff77a8177a 4 bytes [A8, 77, FF, 07]
.text C:\windows\Explorer.EXE[2980] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff77a81782 4 bytes [A8, 77, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2548] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff68531532 4 bytes [53, 68, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2548] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff6853153a 4 bytes [53, 68, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2548] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff6853165a 4 bytes [53, 68, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2548] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007ff72d71b32 4 bytes [D7, 72, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2548] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007ff72d71b3a 4 bytes [D7, 72, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3620] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff68531532 4 bytes [53, 68, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3620] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff6853153a 4 bytes [53, 68, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3620] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff6853165a 4 bytes [53, 68, FF, 07]
.text C:\Windows\System32\igfxpers.exe[4216] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff77a8177a 4 bytes [A8, 77, FF, 07]
.text C:\Windows\System32\igfxpers.exe[4216] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff77a81782 4 bytes [A8, 77, FF, 07]
.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[3356] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007ff72d71b32 4 bytes [D7, 72, FF, 07]
.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[3356] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007ff72d71b3a 4 bytes [D7, 72, FF, 07]

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\csrss.exe [652:676] fffff960009945e8
Thread [2800:2900] 00000000100202b4
Thread [2800:2920] 000007ff7a19da50
Thread [2800:1876] 0000000010020088
Thread C:\windows\SYSTEM32\ntdll.dll [3956:2424] 00000000001c1c24
Thread C:\windows\SYSTEM32\ntdll.dll [3956:4728] 000000006172e54e
Thread C:\windows\SYSTEM32\ntdll.dll [3956:1756] 000000005f6e0eb8
Thread C:\windows\SYSTEM32\ntdll.dll [3956:3744] 000000005f6e0eb8
Thread C:\windows\SYSTEM32\ntdll.dll [3956:2444] 000000005f6e0eb8
Thread C:\windows\SYSTEM32\ntdll.dll [3956:2992] 000000005fc9319b
Thread C:\windows\SYSTEM32\ntdll.dll [3956:920] 0000000060508d99
Thread C:\windows\SYSTEM32\ntdll.dll [3956:3728] 0000000060484b0d
Thread C:\windows\SYSTEM32\ntdll.dll [3956:4776] 0000000061ae16dc
Thread C:\windows\SYSTEM32\ntdll.dll [2144:5032] 00000000001c1c24

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----