GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-17 13:52:53
Windows 6.1.7601 Service Pack 1 x64
Running: xgqjmcd9.exe


---- Services - GMER 2.1 ----

Service  System32\Drivers\1301f4866d62cbe2.sys (*** hidden *** )  [BOOT] 1301f4866d62cbe2   <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@ImagePath   \SystemRoot\System32\Drivers\1301f4866d62cbe2.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@Group   Boot Bus Extender
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@ErrorControl   0
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@Type   1
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@Start   0
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@Tag   1
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@DisplayName   syshost.exe
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\24fd529e0b87
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch   37554
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch   22667
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{947A6CF5-722B-4099-8E8F-40997616B348}@DhcpIPAddress   0.0.0.0
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{947A6CF5-722B-4099-8E8F-40997616B348}@DhcpSubnetMask   255.0.0.0
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{947A6CF5-722B-4099-8E8F-40997616B348}@DhcpServer   255.255.255.255
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{947A6CF5-722B-4099-8E8F-40997616B348}@LeaseObtainedTime   1445081755
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{947A6CF5-722B-4099-8E8F-40997616B348}@T1   1445082655
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{947A6CF5-722B-4099-8E8F-40997616B348}@T2   1445083330
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{947A6CF5-722B-4099-8E8F-40997616B348}@LeaseTerminatesTime   1445083555
Reg  HKLM\SYSTEM\ControlSet002\services\1301f4866d62cbe2@ImagePath   \SystemRoot\System32\Drivers\1301f4866d62cbe2.sys
Reg  HKLM\SYSTEM\ControlSet002\services\1301f4866d62cbe2@Group   Boot Bus Extender
Reg  HKLM\SYSTEM\ControlSet002\services\1301f4866d62cbe2@ErrorControl   0
Reg  HKLM\SYSTEM\ControlSet002\services\1301f4866d62cbe2@Type   1
Reg  HKLM\SYSTEM\ControlSet002\services\1301f4866d62cbe2@Start   0
Reg  HKLM\SYSTEM\ControlSet002\services\1301f4866d62cbe2@Tag   1
Reg  HKLM\SYSTEM\ControlSet002\services\1301f4866d62cbe2@DisplayName   syshost.exe
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\24fd529e0b87 (not active ControlSet)

---- EOF - GMER 2.1 ----
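The log above is raw GMER output; the indicators worth pulling out of it are the hidden service itself, its Start/Type/Group values (a boot-start kernel driver in the "Boot Bus Extender" group), the machine-looking 16-hex-digit service name, a DisplayName ("syshost.exe") that names a different binary than the ImagePath, and the fact that the same service is registered in ControlSet002 as well. The following is an added triage script, not part of GMER or of this log: it parses the "Services" and "Registry" sections of a GMER 2.1 text log and reports those indicators for every service GMER marked hidden. The embedded sample is an excerpt of the log on this page laid out one entry per line as GMER writes it; the parse and the heuristics are this example's own, not GMER's.

```python
"""Triage a GMER 2.1 text log for hidden boot-start drivers (added example)."""
import re
from collections import defaultdict

# Excerpt of the GMER log on this page, one entry per line as GMER writes it.
GMER_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-17 13:52:53
Windows 6.1.7601 Service Pack 1 x64
Running: xgqjmcd9.exe

---- Services - GMER 2.1 ----

Service  System32\Drivers\1301f4866d62cbe2.sys (*** hidden *** )  [BOOT] 1301f4866d62cbe2   <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@ImagePath   \SystemRoot\System32\Drivers\1301f4866d62cbe2.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@Group   Boot Bus Extender
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@Type   1
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@Start   0
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@Tag   1
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2@DisplayName   syshost.exe
Reg  HKLM\SYSTEM\CurrentControlSet\services\1301f4866d62cbe2
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\24fd529e0b87
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{947A6CF5-722B-4099-8E8F-40997616B348}@DhcpIPAddress   0.0.0.0
Reg  HKLM\SYSTEM\ControlSet002\services\1301f4866d62cbe2@ImagePath   \SystemRoot\System32\Drivers\1301f4866d62cbe2.sys
Reg  HKLM\SYSTEM\ControlSet002\services\1301f4866d62cbe2@Start   0
Reg  HKLM\SYSTEM\ControlSet002\services\1301f4866d62cbe2@DisplayName   syshost.exe
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\24fd529e0b87 (not active ControlSet)

---- EOF - GMER 2.1 ----
"""

# "Service  <image> (*** hidden *** )  [<start group>] <name>   <-- ROOTKIT !!!"
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>[A-Z]+)\]\s+(?P<name>\S+)")
# "Reg  HKLM\SYSTEM\<control set>\services\<service>[\subkey]@<value>   <data>"
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cset>[^\\]+)\\services\\(?P<svc>[^\\@\s]+)(?P<sub>[^@\s]*)"
    r"(?:@(?P<value>\S+)\s+(?P<data>.*?))?\s*(?:\(not active ControlSet\))?\s*$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{16}$")  # heuristic: 16 random-looking hex digits


def parse_gmer_log(text):
    """Return (hidden services, registry values keyed by (control set, key path))."""
    hidden = []
    reg = defaultdict(dict)
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            hidden.append({"name": m["name"], "image": m["image"], "start": m["start"]})
            continue
        m = REG_RE.match(line)
        if m and m["value"]:
            reg[(m["cset"], m["svc"] + m["sub"])][m["value"]] = m["data"].strip()
    return hidden, reg


def triage(text):
    """One report per hidden service, with the indicators a responder checks first."""
    hidden, reg = parse_gmer_log(text)
    reports = []
    for svc in hidden:
        cur = reg.get(("CurrentControlSet", svc["name"]), {})
        display = cur.get("DisplayName", "")
        image_file = cur.get("ImagePath", "").rsplit("\\", 1)[-1]
        other = sorted({cs for cs, key in reg if key == svc["name"] and cs != "CurrentControlSet"})
        r = {
            "name": svc["name"], "image": svc["image"], "display_name": display,
            # Start 0 = SERVICE_BOOT_START, Type 1 = SERVICE_KERNEL_DRIVER
            "boot_start_kernel_driver": cur.get("Start") == "0" and cur.get("Type") == "1",
            "boot_bus_extender": cur.get("Group") == "Boot Bus Extender",
            "random_hex_name": bool(HEX_NAME_RE.match(svc["name"])),
            # a DisplayName naming a different binary than ImagePath is a disguise
            "display_name_mismatch": bool(display) and display.lower() != image_file.lower(),
            "other_control_sets": other,
        }
        f = []
        if r["boot_start_kernel_driver"]:
            f.append("boot-start kernel driver: loaded by the boot loader before the kernel runs")
        if r["boot_bus_extender"]:
            f.append("group 'Boot Bus Extender', Tag %s: ordered among the earliest drivers" % cur.get("Tag", "?"))
        if r["random_hex_name"]:
            f.append("service name is 16 hex digits, typical of a generated name")
        if r["display_name_mismatch"]:
            f.append("DisplayName %r does not match driver file %r" % (display, image_file))
        if other:
            f.append("same service also registered in " + ", ".join(other))
        r["findings"] = f
        reports.append(r)
    return reports


if __name__ == "__main__":
    for r in triage(GMER_LOG):
        print("%s  %s" % (r["name"], r["image"]))
        for line in r["findings"]:
            print("  - " + line)
```

Run it against a full GMER log saved from the scanner (replace GMER_LOG with the file's contents); entries for Tcpip, SharedAccess and BTHPORT are parsed but only matter if they belong to a hidden service. The boot-start finding is the one that decides the response: this host is Windows 7 SP1 (6.1.7601), which has no Early Launch Anti-Malware, so a Start=0 driver in the Boot Bus Extender group is loaded before any anti-malware driver and cannot be cleaned reliably from the running system. The duplicate entries under ControlSet002 mean that removing only the CurrentControlSet keys leaves a copy behind.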