GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-10 23:19:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB
Running: gmer.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\uxdcrpob.sys

---- Threads - GMER 2.2 ----

Thread [924:940] 0000000075dd7587
Thread [924:964] 00000000770b41f3
Thread [924:5164] 00000000770b6679
Thread C:\Windows\system32\svchost.exe [552:2752] 000007fef52984d8
Thread C:\Windows\system32\svchost.exe [552:2928] 000007fef52523a8
Thread C:\Windows\system32\svchost.exe [552:2940] 000007fef5380d00
Thread C:\Windows\system32\svchost.exe [552:2944] 000007fef4969498
Thread C:\Windows\system32\svchost.exe [552:2972] 000007fef57c17f8
Thread C:\Windows\system32\svchost.exe [552:3196] 000007fef459506c
Thread C:\Windows\system32\svchost.exe [552:3204] 000007fef4491c20
Thread C:\Windows\system32\svchost.exe [552:3208] 000007fef4491c20
Thread C:\Windows\system32\svchost.exe [552:5176] 000007fef57c17f8
Thread C:\Windows\system32\svchost.exe [552:3428] 000007fef40a4164
Thread C:\Windows\system32\svchost.exe [552:5684] 000007fef5d8b68c
Thread C:\Windows\Explorer.EXE [1668:3904] 000007fef8cc2f9c
Thread C:\Windows\Explorer.EXE [1668:3948] 000007fef1e72118
Thread C:\Windows\Explorer.EXE [1668:604] 000007fefbc41010
Thread C:\Windows\system32\svchost.exe [1836:2636] 000007fef54983d8
Thread C:\Windows\system32\svchost.exe [1836:2640] 000007fef54983d8
Thread C:\Windows\system32\svchost.exe [1836:2644] 000007fef54983d8
Thread C:\Windows\system32\svchost.exe [1836:2648] 000007fef54983d8
Thread C:\Windows\system32\svchost.exe [1836:2668] 000007fef5a5bec4
Thread C:\Windows\system32\svchost.exe [1836:2816] 000007fef5213f1c
Thread C:\Windows\system32\svchost.exe [1836:2820] 000007fef51e1a38
Thread C:\Windows\system32\svchost.exe [1836:2824] 000007fef5565170
Thread C:\Windows\system32\svchost.exe [1836:2844] 000007fef5165388
Thread C:\Windows\system32\svchost.exe [1836:2848] 000007fef50c7738
Thread C:\Windows\system32\svchost.exe [1836:2856] 000007fef50b1f90
Thread C:\Windows\system32\svchost.exe [1836:4608] 000007fef53f5124
Thread C:\Windows\system32\svchost.exe [2100:2660] 000007fef5b65fd0
Thread C:\Windows\system32\svchost.exe [2100:2688] 000007fef5b663ec
Thread C:\Windows\system32\svchost.exe [2100:4600] 000007fef17e8470
Thread C:\Windows\system32\svchost.exe [2100:4604] 000007fef17f2418
Thread C:\Windows\system32\svchost.exe [2100:4740] 000007fef11a5f1c
Thread C:\Windows\system32\svchost.exe [2100:4912] 000007fef0d3f130
Thread C:\Windows\system32\svchost.exe [2100:5896] 000007fef0d34734
Thread C:\Windows\system32\svchost.exe [2100:460] 000007fef0d34734
Thread C:\Windows\system32\svchost.exe [2336:2352] 000007fefd6ea808
Thread C:\Windows\system32\svchost.exe [2336:2412] 000007fef6067130
Thread C:\Windows\system32\svchost.exe [2336:2416] 000007fef605d5c0
Thread C:\Windows\System32\svchost.exe [2372:3848] 000007fefa729688

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289ddf2fb
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289ddf2fb@cc07ab35d687 0x41 0xDF 0xBD 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289ddf2fb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289ddf2fb@cc07ab35d687 0x41 0xDF 0xBD 0x21 ...

---- EOF - GMER 2.2 ----