GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-17 15:58:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-75U6AA0 rev.19.01H19 465,76GB
Running: c77kems8.exe; Driver: C:\Users\BIBLIO~1\AppData\Local\Temp\pxldqpow.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[916]  C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter  00000000777f9020 4 bytes [C3, 00, 00, 00]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075f11401 2 bytes JMP 7551b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075f11419 2 bytes JMP 7551b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075f11431 2 bytes JMP 75599149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000075f1144a 2 bytes CALL 754f4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000075f114dd 2 bytes JMP 75598a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075f114f5 2 bytes JMP 75598c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000075f1150d 2 bytes JMP 75598938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075f11525 2 bytes JMP 75598d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000075f1153d 2 bytes JMP 7550fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075f11555 2 bytes JMP 75516907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000075f1156d 2 bytes JMP 75599201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075f11585 2 bytes JMP 75598d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000075f1159d 2 bytes JMP 755988fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000075f115b5 2 bytes JMP 7550fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000075f115cd 2 bytes JMP 7551b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075f116b2 2 bytes JMP 755990c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075f116bd 2 bytes JMP 75598891 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\svchost.exe [872:3824]  000007fee4e5d3c8
Thread  C:\Windows\system32\svchost.exe [872:3828]  000007fee4e5d3c8
Thread  C:\Windows\system32\svchost.exe [872:3832]  000007fee4e5d3c8
Thread  C:\Windows\system32\svchost.exe [872:3836]  000007fee4e5d3c8
Thread  C:\Windows\System32\svchost.exe [2128:2368]  000007feec299688
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:4064]  000007fef0762ad8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:3344]  000007feed2f5124

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch  6275
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch  7795

---- EOF - GMER 2.2 ----
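Triage note and added example (the editor's helper, not part of the GMER log above and not GMER's own tooling): every entry in the "User code sections" block is a code modification GMER found in a process, but that block mixes things of very different weight. The `PSAPI.DLL` entries here all jump into `kernel32.dll`; on Windows 7 the psapi.dll exports are thin stubs that jump to the kernel32.dll implementation, so that pairing is the OS's own layout, not an injected hook. The `SetUnhandledExceptionFilter` patch (`C3` is a `RET` at the entry point) sits inside `ekrn.exe`, ESET's own process, so it is the product patching itself rather than a foreign module. What a practitioner wants from such a block is the module each hook lands in, compared against a baseline. The script below parses the `.text` lines into records and classifies them that way. The baseline pairing is the editor's assumption and is stated in the code; the `victim.exe` / `hook.dll` line in the sample is constructed to show what a redirect into an unexpected module looks like and does not come from this log.

```python
"""Triage helper for the 'User code sections' block of a GMER 2.2 log (added example)."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# One '.text' entry: process[pid], module!export [+ offset], address, size, detail.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\[(?P<pid>\d+)\])\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\w+)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes\s+(?P<detail>.*)$"
)
# Detail is either 'JMP|CALL <addr> <module path>' or a raw byte list '[C3, 00, ...]'.
REDIRECT_RE = re.compile(r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9a-fA-F]+)\s+(?P<target_module>\S+)$")
BYTES_RE = re.compile(r"^\[(?P<bytes>[0-9a-fA-F]{2}(?:,\s*[0-9a-fA-F]{2})*)\]$")

# Baseline (editor's assumption, not something the log states): on Windows 7 the
# psapi.dll exports are stubs that jump into kernel32.dll, so this (source, target)
# pair is expected on every Windows 7 host and is not evidence of injection.
EXPECTED_FORWARDERS = {("psapi.dll", "kernel32.dll")}


def parse_hook(line):
    """Return a record dict for one '.text' hook line, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["offset"] = int(rec["offset"] or 0)
    rec["size"] = int(rec["size"])
    rec["module_name"] = PureWindowsPath(rec["module"]).name.lower()
    detail = rec.pop("detail").strip()
    r = REDIRECT_RE.match(detail)
    if r:  # control transfer: record where it lands
        rec["kind"] = r["kind"]
        rec["target_module"] = r["target_module"]
        rec["target_name"] = PureWindowsPath(r["target_module"]).name.lower()
        rec["bytes"] = None
    else:  # inline byte patch: keep the bytes for inspection
        b = BYTES_RE.match(detail)
        rec["kind"] = "PATCH"
        rec["target_module"] = rec["target_name"] = None
        rec["bytes"] = [int(x, 16) for x in b["bytes"].split(",")] if b else None
    return rec


def classify(rec):
    """Label a hook record by where its modified code leads."""
    if rec["kind"] == "PATCH":
        # 0xC3 (RET) written at the entry point makes the function a no-op.
        if rec["bytes"] and rec["bytes"][0] == 0xC3:
            return "inline-patch:ret-at-entry"
        return "inline-patch"
    if (rec["module_name"], rec["target_name"]) in EXPECTED_FORWARDERS:
        return "expected-forwarder"
    if rec["target_name"] == rec["module_name"]:
        return "intra-module"
    return "redirect-to-other-module"


def triage(log_text):
    """Parse every '.text' line of a GMER log; return (records, Counter of labels)."""
    records = []
    for line in log_text.splitlines():
        rec = parse_hook(line)
        if rec:
            rec["label"] = classify(rec)
            records.append(rec)
    return records, Counter(r["label"] for r in records)


def flagged(records):
    """Records an analyst should look at by hand: anything not explained by the baseline."""
    return [r for r in records if r["label"] not in ("expected-forwarder", "intra-module")]


# Sample input: three lines copied from the GMER log above, a '* 9' collapse marker and a
# Thread line (both must be ignored), plus one CONSTRUCTED line (victim.exe / hook.dll
# are hypothetical) showing a redirect into a module outside the baseline.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.2 ----
.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[916]  C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter  00000000777f9020 4 bytes [C3, 00, 00, 00]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075f11401 2 bytes JMP 7551b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000075f1144a 2 bytes CALL 754f4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Example\victim.exe[1234]  C:\Windows\syswow64\kernel32.dll!CreateProcessW  0000000075500000 5 bytes JMP 10001000 C:\Users\user\AppData\Local\Temp\hook.dll
Thread  C:\Windows\system32\svchost.exe [872:3824]  000007fee4e5d3c8
"""

if __name__ == "__main__":
    recs, counts = triage(SAMPLE_LOG)
    print(dict(counts))
    for r in flagged(recs):
        print(f"{r['label']:28} {r['process']:60} {r['module_name']}!{r['export']} -> {r['target_module'] or r['bytes']}")
```

Run against a full GMER log (`triage(open(path).read())`), the summary counter tells you at a glance how many entries the Windows 7 forwarder baseline explains; `flagged()` leaves only the inline patches and the redirects into other modules, which is the short list worth checking by process owner and target-module signature. Extend `EXPECTED_FORWARDERS` only with pairs you have verified on a clean host of the same build.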