GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-28 21:51:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OC60F 298,09GB
Running: 0lxrt8mr.exe; Driver: C:\Users\Acer\AppData\Local\Temp\aftcqaob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076dd8781 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077361401 2 bytes JMP 76dfb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077361419 2 bytes JMP 76dfb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077361431 2 bytes JMP 76e78fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007736144a 2 bytes CALL 76dd489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000773614dd 2 bytes JMP 76e788c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000773614f5 2 bytes JMP 76e78aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007736150d 2 bytes JMP 76e787ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077361525 2 bytes JMP 76e78b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007736153d 2 bytes JMP 76defca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077361555 2 bytes JMP 76df68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007736156d 2 bytes JMP 76e79089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077361585 2 bytes JMP 76e78bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007736159d 2 bytes JMP 76e7877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000773615b5 2 bytes JMP 76defd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000773615cd 2 bytes JMP 76dfb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000773616b2 2 bytes JMP 76e78f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000773616bd 2 bytes JMP 76e78713 C:\Windows\syswow64\kernel32.dll

---- Devices - GMER 2.1 ----

Device \Driver\WUDFRd \Device\UMDFCtrlDev-8d946042-7da4-11e5-bc33-001b10003388 fffff880072ba3f4
Device \Driver\USBSTOR -> DriverStartIo \Device\00000086 fffff8800729c9c4
Device \Driver\USBSTOR \Device\00000086 fffff880072ae578
Device \Driver\USBSTOR -> DriverStartIo \Device\00000087 fffff8800729c9c4
Device \Driver\USBSTOR \Device\00000087 fffff880072ae578

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001b10003388
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001b10003388@fc19102dff63 0x25 0x04 0x37 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001b10003388 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001b10003388@fc19102dff63 0x25 0x04 0x37 0x37 ...

---- EOF - GMER 2.1 ----