GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-08 13:29:46
Windows 6.1.7601 Service Pack 1 x64
Running: 2o5nox0m.exe

---- Services - GMER 2.1 ----

Service  System32\Drivers\5940e4d7b3a1b797.sys (*** hidden *** ) [BOOT] 5940e4d7b3a1b797 <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  ????????????????????????????????????????????????? L???????????????????8???????????h???????P?????????????WFP Lightweight Filter??????????????????????????????????????????????????ServiceMain?????system32\DRIVERS\wfplwf.sys?????@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000?B-??????????????t???? 4??????c??????????????????????????????????????????????????????????????????wdfcoinstaller01007.dll,WdfCoInstaller??????? ?????????????????????0?????????? ?????????? ?????????????????????0????????????????????? ?????????????????????,??J???????????????m?????? ?????????????????????,??(???????????????????????????????.????????????e???????????????????????????????????s????? ?????????????????????0????????????????????????????????????????? ?????????????????????0????????????????????????????????{3??????????????????? ?????????????????????0????????????&????????????????????g??????????????????????? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????????????0??-4??????40?????????????????
Reg  HKLM\SYSTEM\CurrentControlSet\services\5940e4d7b3a1b797@ImagePath  \SystemRoot\System32\Drivers\5940e4d7b3a1b797.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\5940e4d7b3a1b797@Group  Boot Bus Extender
Reg  HKLM\SYSTEM\CurrentControlSet\services\5940e4d7b3a1b797@ErrorControl  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\5940e4d7b3a1b797@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\5940e4d7b3a1b797@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\5940e4d7b3a1b797@Tag  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\5940e4d7b3a1b797@DisplayName  syshost.exe
Reg  HKLM\SYSTEM\CurrentControlSet\services\5940e4d7b3a1b797
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00150079fe36
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093665d4a
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093665d4a@f48e099224a1  0xBE 0xB9 0x11 0x19 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093665d4a@c064c662e32a  0x90 0x6D 0x18 0x85 ...
Reg  HKLM\SYSTEM\ControlSet002\services\5940e4d7b3a1b797@ImagePath  \SystemRoot\System32\Drivers\5940e4d7b3a1b797.sys
Reg  HKLM\SYSTEM\ControlSet002\services\5940e4d7b3a1b797@Group  Boot Bus Extender
Reg  HKLM\SYSTEM\ControlSet002\services\5940e4d7b3a1b797@ErrorControl  0
Reg  HKLM\SYSTEM\ControlSet002\services\5940e4d7b3a1b797@Type  1
Reg  HKLM\SYSTEM\ControlSet002\services\5940e4d7b3a1b797@Start  0
Reg  HKLM\SYSTEM\ControlSet002\services\5940e4d7b3a1b797@Tag  1
Reg  HKLM\SYSTEM\ControlSet002\services\5940e4d7b3a1b797@DisplayName  syshost.exe
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00150079fe36 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093665d4a (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093665d4a@f48e099224a1  0xBE 0xB9 0x11 0x19 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093665d4a@c064c662e32a  0x90 0x6D 0x18 0x85 ...

---- EOF - GMER 2.1 ----