GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-24 19:55:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 Maxtor_7V250F0 rev.VA111630 233,76GB
Running: je5zcbfd.exe; Driver: C:\Users\Mama\AppData\Local\Temp\kwldqpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable        fffff960000f1f00 7 bytes [40, A7, F3, FF, 01, B5, F0]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 8    fffff960000f1f08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET Smart Security\ekrn.exe[780] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter   0000000077229b70 4 bytes [C3, 00, 00, 00]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3120:3532]   0000000075f07587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3120:1364]   000000006bea0cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3120:4028]   00000000775541f3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3120:4708]   0000000077556679
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3120:4328]   0000000077556679
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3120:3036]   0000000077556679

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000830
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000830@4850735a06e7   0x60 0xCA 0x5A 0xAD ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000830@2c54cf592370   0xA0 0xA7 0xBB 0x52 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000830 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000830@4850735a06e7   0x60 0xCA 0x5A 0xAD ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000830@2c54cf592370   0xA0 0xA7 0xBB 0x52 ...

---- EOF - GMER 2.1 ----