GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-08 23:32:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3250410AS rev.3.AAC 232,89GB
Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1688] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000077138769 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1688] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000076d21465 2 bytes [D2, 76]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1688] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000076d214bb 2 bytes [D2, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2808] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint  000000007764000c 1 byte [C3]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2808] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin  00000000776cf8ea 5 bytes JMP 000000017767d5c1
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076d21465 2 bytes [D2, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076d214bb 2 bytes [D2, 76]
.text  ...  * 2
.text  E:\Gadu-Gadu\gg.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076d21465 2 bytes [D2, 76]
.text  E:\Gadu-Gadu\gg.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076d214bb 2 bytes [D2, 76]
.text  ...  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2960:3764]  000007fefba72a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2960:3776]  000007feeef84830
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2960:3988]  000007fef8a45124
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4892:4384]  00000000754b7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4892:4780]  0000000068337712
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4892:5108]  0000000077682e65
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4892:2776]  0000000077683e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4892:3148]  0000000077683e85
Thread  C:\Windows\System32\svchost.exe [4356:4344]  000007feeb029688

---- Processes - GMER 2.1 ----

Library  c:\users\admin\appdata\local\temp\7zs2604\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4916] (HP Network Devices Support/Hewlett-Packard Co.)(2013-06-12 14:37:31)  0000000180000000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000830
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000830@0007a4f11875  0x7B 0x51 0xBE 0xFF ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000830 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000830@0007a4f11875  0x7B 0x51 0xBE 0xFF ...

---- EOF - GMER 2.1 ----