GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-16 12:17:58
Windows 6.0.6002 Service Pack 2
Running: duxjybz2.exe

---- Services - GMER 2.1 ----

Service System32\Drivers\2e7c80c788dd5602.sys (*** hidden *** ) [BOOT] 2e7c80c788dd5602 <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\2e7c80c788dd5602@ImagePath \SystemRoot\System32\Drivers\2e7c80c788dd5602.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\2e7c80c788dd5602@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\2e7c80c788dd5602@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\2e7c80c788dd5602@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\2e7c80c788dd5602@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\2e7c80c788dd5602@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\2e7c80c788dd5602@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\2e7c80c788dd5602
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@001fe43c0440 0x97 0x7D 0xF7 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\2e7c80c788dd5602@ImagePath \SystemRoot\System32\Drivers\2e7c80c788dd5602.sys
Reg HKLM\SYSTEM\ControlSet002\Services\2e7c80c788dd5602@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\2e7c80c788dd5602@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\2e7c80c788dd5602@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\2e7c80c788dd5602@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\2e7c80c788dd5602@Tag 1
Reg HKLM\SYSTEM\ControlSet002\Services\2e7c80c788dd5602@DisplayName syshost.exe
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310@001fe43c0440 0x97 0x7D 0xF7 0xE9 ...

---- EOF - GMER 2.1 ----