GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-15 16:04:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0011LVM1 465,76GB
Running: gsch7ey0.exe; Driver: C:\Users\user\AppData\Local\Temp\aftcaaob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1512]   C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000076ad8791 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1512]   C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   00000000766f1465 2 bytes [6F, 76]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1512]   C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000766f14bb 2 bytes [6F, 76]
.text   ...   * 2

---- User IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\Explorer.EXE[2556] @ C:\Windows\system32\sdautoplay.dll[msvcrt.dll!memset]   [0]
IAT     C:\Windows\Explorer.EXE[2556] @ C:\Windows\system32\sdautoplay.dll[msvcrt.dll!_XcptFilter]   [0]
IAT     C:\Windows\Explorer.EXE[2556] @ C:\Windows\system32\sdautoplay.dll[SPP.dll!SxTracerShouldTrackFailure]   [0]

---- Devices - GMER 2.1 ----

Device  \Driver\USBSTOR   \Device\00000081   fffff88007ead578
Device  \Driver\USBSTOR   \Device\00000082   fffff88007ead578

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [312:3880]   000007fef2dfd3c8
Thread  C:\Windows\system32\svchost.exe [312:3884]   000007fef2dfd3c8
Thread  C:\Windows\system32\svchost.exe [312:3888]   000007fef2dfd3c8
Thread  C:\Windows\system32\svchost.exe [312:3892]   000007fef2dfd3c8
Thread  C:\Windows\system32\svchost.exe [672:1272]   000007fefb128274
Thread  C:\Windows\system32\svchost.exe [672:2364]   000007fefb128274
Thread  C:\Windows\system32\WLANExt.exe [1200:1248]   000000018000b6d4
Thread  C:\Windows\system32\WLANExt.exe [1200:1252]   000000018000b6f0
Thread  C:\Windows\system32\WLANExt.exe [1200:1256]   000000018000b6b8
Thread  C:\Windows\system32\WLANExt.exe [1200:1260]   00000001800221a0
Thread  C:\Windows\system32\WLANExt.exe [1200:1264]   000007fefa2e2f9c
Thread  C:\Windows\System32\spoolsv.exe [1308:2704]   000007fef6ee10c8
Thread  C:\Windows\System32\spoolsv.exe [1308:2756]   000007fef6e96144
Thread  C:\Windows\System32\spoolsv.exe [1308:2584]   000007fef6715fd0
Thread  C:\Windows\System32\spoolsv.exe [1308:1796]   000007fefaaa3438
Thread  C:\Windows\System32\spoolsv.exe [1308:2664]   000007fef67163ec
Thread  C:\Windows\System32\spoolsv.exe [1308:2700]   000007fef7225e5c
Thread  C:\Windows\System32\spoolsv.exe [1308:2968]   000007fef7325074
Thread  C:\Windows\system32\svchost.exe [1744:3840]   000007fef6715fd0
Thread  C:\Windows\system32\svchost.exe [1744:3844]   000007fef67163ec

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819e3d858
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819e3d858 (not active ControlSet)

---- EOF - GMER 2.1 ----
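To triage a log like this one offline, the parser below (an added example written for this page, not GMER's own code) splits GMER 2.1 entries into records and decodes the bytes reported in each `.text` entry with a small hand-written x86 opcode table: `C2 04 00` is `ret 4`, meaning the export's entry was stubbed out rather than redirected; `E9 xx xx xx xx` is a `jmp rel32` detour whose target is computed from the entry address; and a patch at a non-zero export offset (the `+ 69` and `+ 155` entries above) is reported as a mid-function patch, not a prologue hook. The regexes, the opcode table and `SAMPLE_LOG` (entries copied from the log above in GMER's one-entry-per-line layout) are this example's assumptions about the format. The `Running:` line names GMER's own randomly named executable and driver, not findings.

```python
import re

# Constructed sample: entries copied from the GMER log above, one entry per
# line as GMER writes them (fields separated by runs of whitespace).
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-15 16:04:05
Running: gsch7ey0.exe; Driver: C:\Users\user\AppData\Local\Temp\aftcaaob.sys
---- User code sections - GMER 2.1 ----
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1512]   C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000076ad8791 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1512]   C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   00000000766f1465 2 bytes [6F, 76]
.text   ...   * 2
---- User IAT/EAT - GMER 2.1 ----
IAT     C:\Windows\Explorer.EXE[2556] @ C:\Windows\system32\sdautoplay.dll[msvcrt.dll!memset]   [0]
---- Threads - GMER 2.1 ----
Thread  C:\Windows\system32\svchost.exe [312:3880]   000007fef2dfd3c8
---- Registry - GMER 2.1 ----
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819e3d858
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819e3d858 (not active ControlSet)
"""

# Line shapes as they appear in GMER 2.1 logs (assumed from the sample above, not a GMER spec).
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER 2\.1 ----$")
VERSION_RE = re.compile(r"^GMER (?P<ver>[\d.]+) - ")
SCAN_RE = re.compile(r"^Rootkit scan (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
RUNNING_RE = re.compile(r"^Running: (?P<exe>\S+); Driver: (?P<drv>.+)$")
HOOK_RE = re.compile(r"^\.text\s+(?P<proc>.+?\[(?P<pid>\d+)\])\s+(?P<module>[^\s!]+)!(?P<export>\S+)"
                     r"(?: \+ (?P<off>\d+))?\s+(?P<addr>[0-9A-Fa-f]{8,16})\s+\d+ bytes \[(?P<bytes>[^\]]*)\]$")
COLLAPSE_RE = re.compile(r"^\.text\s+\.\.\.\s+\* (?P<n>\d+)$")
IAT_RE = re.compile(r"^IAT\s+(?P<proc>.+?\[(?P<pid>\d+)\])\s+@\s+(?P<module>[^\[\s]+)\[(?P<import>[^\]]+)\]\s+\[(?P<value>[^\]]*)\]$")
THREAD_RE = re.compile(r"^Thread\s+(?P<proc>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9A-Fa-f]{8,16})$")
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+)(?:\s+\((?P<note>[^)]*)\))?$")


def describe_patch(patch: bytes, offset: int = 0, address: int = 0) -> str:
    """Best-effort decode of the bytes GMER reports; a hand-written x86 subset, not GMER logic."""
    if offset:  # not at the export's entry: a body patch, not a classic prologue detour
        return f"mid-function patch at +{offset} ({len(patch)} bytes)"
    if len(patch) >= 5 and patch[0] == 0xE9:  # jmp rel32: the usual inline detour
        rel = int.from_bytes(patch[1:5], "little", signed=True)
        mask = (1 << 32) - 1 if address < (1 << 32) else (1 << 64) - 1
        return f"jmp rel32 -> {(address + 5 + rel) & mask:#x} (inline detour)"
    if len(patch) >= 2 and patch[0] == 0xFF and patch[1] == 0x25:
        return "jmp [mem] (indirect detour)"
    if len(patch) >= 3 and patch[0] == 0xC2:  # ret imm16: the export is neutered, not redirected
        return f"ret {int.from_bytes(patch[1:3], 'little')} (entry stubbed out)"
    return f"unrecognised {len(patch)}-byte patch"


def describe_hook(h: dict) -> str:
    return describe_patch(h["patch"], h["offset"], h["address"])


def hook_target(h: dict) -> str:
    name = h["module"].rsplit("\\", 1)[-1] + "!" + h["export"]
    return f"{name}+{h['offset']}" if h["offset"] else name


def parse_gmer(text: str) -> dict:
    """Parse a GMER log into header fields plus per-section entry lists."""
    r = {"version": None, "scan_time": None, "runner": None, "driver": None,
         "hooks": [], "collapsed": 0, "iat": [], "threads": [], "registry": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            continue
        if m := VERSION_RE.match(line):
            r["version"] = m["ver"]
        elif m := SCAN_RE.match(line):
            r["scan_time"] = m["ts"]
        elif m := RUNNING_RE.match(line):  # GMER's own randomly named exe and driver, not findings
            r["runner"], r["driver"] = m["exe"], m["drv"].strip()
        elif m := HOOK_RE.match(line):
            r["hooks"].append({"process": m["proc"], "pid": int(m["pid"]), "module": m["module"], "export": m["export"],
                               "offset": int(m["off"] or 0), "address": int(m["addr"], 16),
                               "patch": bytes(int(b, 16) for b in m["bytes"].split(",") if b.strip())})
        elif m := COLLAPSE_RE.match(line):  # GMER abbreviates further repeated entries as "... * N"
            r["collapsed"] += int(m["n"])
        elif m := IAT_RE.match(line):
            r["iat"].append({"pid": int(m["pid"]), "module": m["module"], "import": m["import"], "value": m["value"]})
        elif m := THREAD_RE.match(line):
            r["threads"].append({"pid": int(m["pid"]), "tid": int(m["tid"]), "address": int(m["addr"], 16)})
        elif m := REG_RE.match(line):
            r["registry"].append({"key": m["key"], "note": m["note"]})
        else:  # anything the regexes do not know: surface it rather than drop it silently
            r["unparsed"].append(line)
    return r


def hooks_by_process(r: dict) -> dict:
    """Group reported user-mode code patches by PID for triage."""
    out = {}
    for h in r["hooks"]:
        out.setdefault(h["pid"], []).append(hook_target(h))
    return out


if __name__ == "__main__":
    res = parse_gmer(SAMPLE_LOG)
    for h in res["hooks"]:
        print(f"[{h['pid']}] {hook_target(h)} @ {h['address']:#x}: {describe_hook(h)}")
    print("collapsed:", res["collapsed"], "unparsed:", res["unparsed"])
```

Run it as a script to get one classified line per `.text` entry. Triage starts from `hooks_by_process` (which process patched what) and from `unparsed`: a newer GMER build that changes a line shape would otherwise drop entries silently, which is exactly the failure a rootkit-scan review cannot afford. Whether a decoded patch is hostile is a separate question; the `ekrn.exe` entries here belong to a security product whose self-protection should be checked against the vendor before being treated as a compromise.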