GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-22 17:35:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHV2160BT_PL rev.00000050 149,05GB
Running: t2lyfcd5.exe; Driver: C:\Users\admin\AppData\Local\Temp\pxldipow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544  fffff80003004000  65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 610  fffff80003004042  4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077980068  5 bytes JMP 00000001022f26fb
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000758c1465  2 bytes [8C, 75]
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000758c14bb  2 bytes [8C, 75]
.text  ...
.text  C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077980068  5 bytes JMP 0000000101d626fb
.text  C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077980068  5 bytes JMP 00000001002b26fb
.text  C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2952] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077980068  5 bytes JMP 00000001001e26fb

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [940:2188]  000007fef9ca5124
Thread  C:\Windows\system32\svchost.exe [940:3152]  000007fef08e506c
Thread  C:\Windows\system32\svchost.exe [940:3500]  000007fef77c1c20
Thread  C:\Windows\system32\svchost.exe [940:3584]  000007fef77c1c20
Thread  C:\Windows\system32\svchost.exe [940:688]  000007fef6daa978
Thread  C:\Windows\system32\svchost.exe [940:4088]  000007fef49c1ab0
Thread  C:\Windows\system32\svchost.exe [940:3996]  000007fef053cb70
Thread  C:\Windows\system32\svchost.exe [940:3504]  000007fef8d55170
Thread  C:\Windows\system32\svchost.exe [940:2768]  000007fef8d55170
Thread  C:\Windows\system32\svchost.exe [940:3128]  000007fef80a17f8
Thread  C:\Windows\system32\svchost.exe [940:3248]  000007fef70c4164
Thread  C:\Windows\System32\spoolsv.exe [1104:1772]  000007fef92910c8
Thread  C:\Windows\System32\spoolsv.exe [1104:1820]  000007fef9256144
Thread  C:\Windows\System32\spoolsv.exe [1104:1876]  000007fef8ce5fd0
Thread  C:\Windows\System32\spoolsv.exe [1104:1884]  000007fefa6c3438
Thread  C:\Windows\System32\spoolsv.exe [1104:1888]  000007fef8ce63ec
Thread  C:\Windows\System32\spoolsv.exe [1104:1896]  000007fef9f15e5c
Thread  C:\Windows\System32\spoolsv.exe [1104:1908]  000007fefa515074
Thread  C:\Windows\syswow64\svchost.exe [2676:3028]  000000000025253a
Thread  C:\Windows\syswow64\svchost.exe [2676:3068]  00000000002b11d9
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3088:3488]  000007fefb9a2a7c

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  [binary value; not readable in this copy of the log]

---- EOF - GMER 2.1 ----