GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-01 21:22:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: f813b99e.exe; Driver: C:\Users\DOM\AppData\Local\Temp\uxriqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\windows\system32\services.exe[708] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770bef8d 1 byte [62]
.text C:\windows\System32\svchost.exe[564] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770bef8d 1 byte [62]
.text C:\windows\system32\svchost.exe[1028] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770bef8d 1 byte [62]
.text C:\windows\system32\svchost.exe[1188] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770bef8d 1 byte [62]
.text C:\windows\Explorer.EXE[1680] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770bef8d 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1872] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[2916] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[2972] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3020] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[3028] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1260] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[2704] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe[3184] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3824] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3596] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4664] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[2276] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4304] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770bef8d 1 byte [62]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3296] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4812] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1400] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[5296] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5648] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\PROGRAMY\ AVAST\AvastUI.exe[5964] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076598791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\PROGRAMY\ AVAST\AvastUI.exe[5964] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3156] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Hold Page\bin\HoldPage.BrowserAdapter.exe[1620] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Program Files (x86)\Hold Page\updateHoldPage.exe[3324] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]
.text C:\Users\DOM\Downloads\f813b99e.exe[4460] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ba2fd 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\windows\System32\svchost.exe [468:1080] 000007fefab0f2c0
Thread C:\windows\System32\svchost.exe [468:1108] 000007fefad86204
Thread C:\windows\System32\svchost.exe [468:1200] 000007fefa605428
Thread C:\windows\System32\svchost.exe [468:5556] 000007fef0eb6b8c
Thread C:\windows\System32\svchost.exe [468:5564] 000007fef0eb1d88
Thread C:\windows\System32\svchost.exe [468:5000] 000007fefef9c608
Thread C:\windows\System32\svchost.exe [468:3252] 000007fefa64a828
Thread C:\windows\System32\svchost.exe [468:3884] 000007fefa603118
Thread C:\windows\System32\svchost.exe [468:6236] 000007fefa702070
Thread C:\windows\System32\svchost.exe [468:6852] 000007fef6a15fd0
Thread C:\windows\System32\svchost.exe [564:2664] 000007fef6ba44e0
Thread C:\windows\System32\svchost.exe [564:2880] 000007fef54614a0
Thread C:\windows\System32\svchost.exe [564:4144] 000007fef4a9a2b0
Thread C:\windows\System32\svchost.exe [564:2384] 000007fefba888f8
Thread C:\windows\System32\svchost.exe [564:5788] 000007feeb0f8a4c
Thread C:\windows\system32\svchost.exe [1028:3616] 000007fef5bd506c
Thread C:\windows\system32\svchost.exe [1028:3620] 000007fef5c21c20
Thread C:\windows\system32\svchost.exe [1028:3624] 000007fef5c21c20
Thread C:\windows\system32\svchost.exe [1028:3872] 000007fef57b84d8
Thread C:\windows\system32\svchost.exe [1028:4012] 000007fef57723a8
Thread C:\windows\system32\svchost.exe [1028:4040] 000007fef57f0d00
Thread C:\windows\system32\svchost.exe [1028:4044] 000007fef5599498
Thread C:\windows\system32\svchost.exe [1028:4504] 000007fefbc35124
Thread C:\windows\system32\svchost.exe [1028:3684] 000007fef24926e0
Thread C:\windows\system32\svchost.exe [1028:6124] 000007fef60317f8
Thread C:\windows\system32\svchost.exe [1028:5800] 000007fef60317f8
Thread C:\windows\system32\svchost.exe [1028:6392] 000007feec56e1c4
Thread C:\windows\system32\svchost.exe [1028:7108] 000007fef4b04164
Thread C:\windows\system32\svchost.exe [1028:6212] 000007fef8ef1ab0
Thread C:\windows\system32\svchost.exe [1028:2044] 000007fef60317f8
Thread C:\windows\system32\svchost.exe [1028:812] 000007fef60317f8
Thread C:\windows\system32\svchost.exe [1028:1436] 000007fef60317f8
Thread C:\windows\system32\svchost.exe [1028:2636] 000007fef6d3b68c
Thread C:\windows\System32\spoolsv.exe [1572:440] 000007fef67d10c8
Thread C:\windows\System32\spoolsv.exe [1572:1372] 000007fef6796144
Thread C:\windows\System32\spoolsv.exe [1572:3052] 000007fef6a15fd0
Thread C:\windows\System32\spoolsv.exe [1572:2056] 000007fefa963438
Thread C:\windows\System32\spoolsv.exe [1572:1652] 000007fef6a163ec
Thread C:\windows\System32\spoolsv.exe [1572:3016] 000007fef6865e5c
Thread C:\windows\System32\spoolsv.exe [1572:1504] 000007fef6895074
Thread C:\windows\System32\spoolsv.exe [1572:2524] 000007fef6828760
Thread C:\windows\system32\Dwm.exe [1672:1852] 000007fef9a9f0d8
Thread C:\windows\system32\Dwm.exe [1672:1856] 000007fef90aabf0
Thread C:\windows\system32\svchost.exe [1748:1416] 000007fef4fa2940
Thread C:\windows\system32\taskhost.exe [1788:1868] 000007fef9082740
Thread C:\windows\system32\taskhost.exe [1788:2032] 000007fef9061f38
Thread C:\windows\system32\taskhost.exe [1788:1180] 000007fef9931010
Thread C:\windows\system32\taskhost.exe [1788:1704] 000007fef8ab5170
Thread C:\windows\system32\svchost.exe [1320:2064] 000007fefdd7a808
Thread C:\windows\system32\svchost.exe [1320:2068] 000007fef7eb6e5c
Thread C:\windows\system32\svchost.exe [1320:2072] 000007fef7eb5708
Thread C:\windows\system32\svchost.exe [2364:464] 000007fefa963438
Thread C:\windows\system32\svchost.exe [2364:436] 000000000052a82c
Thread C:\windows\system32\svchost.exe [2364:444] 000000000052a82c
Thread C:\windows\system32\svchost.exe [2364:2556] 000000000052a82c
Thread C:\windows\system32\svchost.exe [2364:2452] 000007fef993a850
Thread C:\windows\System32\svchost.exe [3240:3820] 000007fef5d39688
Thread C:\windows\System32\WUDFHost.exe [4176:4252] 000007fef47324a0
Thread C:\Windows\System32\rundll32.exe [4984:5088] 0000000180095c90
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5380:5476] 000007fefafe2bf8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e003e75
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f59338f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97107b376
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971544231
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971544231@18002daf6d41 0x5B 0xDC 0x5D 0x8E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e003e75 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f59338f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97107b376 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971544231 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971544231@18002daf6d41 0x5B 0xDC 0x5D 0x8E ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----