GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-02 00:36:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: ejhf2v31.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\uxldrpod.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [880:908] 000007fefbd8dc50
Thread C:\Windows\System32\svchost.exe [880:912] 000007fefbda28b0
Thread C:\Windows\System32\svchost.exe [880:140] 000007fefbaaf2f4
Thread C:\Windows\System32\svchost.exe [880:324] 000007fefb8f6204
Thread C:\Windows\System32\svchost.exe [880:1120] 000007fefa725428
Thread C:\Windows\System32\svchost.exe [880:1528] 000007fefbd8d604
Thread C:\Windows\System32\svchost.exe [880:1544] 000007fefbd8d604
Thread C:\Windows\System32\svchost.exe [880:1548] 000007fefbd8d604
Thread C:\Windows\System32\svchost.exe [880:2920] 000007fef57f6b8c
Thread C:\Windows\System32\svchost.exe [880:624] 000007fef57f1d88
Thread C:\Windows\System32\svchost.exe [880:2380] 000007fefa922070
Thread C:\Windows\System32\svchost.exe [880:4028] 000007fef5945fd0
Thread C:\Windows\System32\svchost.exe [924:232] 000007fefbaaf2f4
Thread C:\Windows\System32\svchost.exe [924:236] 000007fefb8f6204
Thread C:\Windows\System32\svchost.exe [924:304] 000007fefaad331c
Thread C:\Windows\System32\svchost.exe [924:1048] 000007fefa932d7c
Thread C:\Windows\System32\svchost.exe [924:2332] 000007fef6cc20c0
Thread C:\Windows\System32\svchost.exe [924:2340] 000007fef6cc26a8
Thread C:\Windows\System32\svchost.exe [924:2344] 000007fef6cc29dc
Thread C:\Windows\System32\svchost.exe [924:2980] 000007fef8cc88f8
Thread C:\Windows\system32\svchost.exe [952:2160] 000007fef79c0ea8
Thread C:\Windows\system32\svchost.exe [952:2348] 000007fef79b9db0
Thread C:\Windows\system32\svchost.exe [952:2516] 000007fef79c1c94
Thread C:\Windows\system32\svchost.exe [952:2284] 000007fef79baa10
Thread C:\Windows\system32\svchost.exe [952:3832] 000007fef2f3d3c8
Thread C:\Windows\system32\svchost.exe [952:2572] 000007fef2f3d3c8
Thread C:\Windows\system32\svchost.exe [952:4060] 000007fef2f3d3c8
Thread C:\Windows\system32\svchost.exe [952:3768] 000007fef2f3d3c8
Thread C:\Windows\system32\svchost.exe [952:3748] 000007fef8166ed4
Thread C:\Windows\system32\svchost.exe [952:2292] 000007fef8166b8c
Thread C:\Windows\system32\svchost.exe [976:1152] 000007fefa481a50
Thread C:\Windows\system32\svchost.exe [976:4068] 000007fef27c506c
Thread C:\Windows\system32\svchost.exe [976:4076] 000007fefabc1c20
Thread C:\Windows\system32\svchost.exe [976:4080] 000007fefabc1c20
Thread C:\Windows\system32\svchost.exe [976:3896] 000007fef9365124
Thread C:\Windows\system32\svchost.exe [976:3824] 000007fef8184164
Thread C:\Windows\system32\svchost.exe [976:1992] 000007fef7e41ab0
Thread C:\Windows\system32\svchost.exe [520:1136] 000007fefaee8274
Thread C:\Windows\system32\svchost.exe [520:1052] 000007fefaee8274
Thread C:\Windows\system32\svchost.exe [1060:1092] 000007fefa8a341c
Thread C:\Windows\system32\svchost.exe [1060:1096] 000007fefa8a3a2c
Thread C:\Windows\system32\svchost.exe [1060:1100] 000007fefa8a3768
Thread C:\Windows\system32\svchost.exe [1060:1104] 000007fefa8a5c20
Thread C:\Windows\system32\svchost.exe [1060:1540] 000007fef938bd88
Thread C:\Windows\system32\svchost.exe [1060:1912] 000007fef81e5170
Thread C:\Windows\system32\svchost.exe [1060:308] 000007fef9365124
Thread C:\Windows\system32\svchost.exe [1060:760] 000007fefa8a3900
Thread C:\Windows\System32\spoolsv.exe [1168:2064] 000007fef5b910c8
Thread C:\Windows\System32\spoolsv.exe [1168:2092] 000007fef5b56144
Thread C:\Windows\System32\spoolsv.exe [1168:2096] 000007fef5945fd0
Thread C:\Windows\System32\spoolsv.exe [1168:2100] 000007fef5933438
Thread C:\Windows\System32\spoolsv.exe [1168:2104] 000007fef59463ec
Thread C:\Windows\System32\spoolsv.exe [1168:2112] 000007fef7295e5c
Thread C:\Windows\System32\spoolsv.exe [1168:2116] 000007fef7745074
Thread C:\Windows\System32\spoolsv.exe [1168:2500] 000007fef77b2288
Thread C:\Windows\system32\svchost.exe [1204:1228] 000007fefc821a70
Thread C:\Windows\system32\svchost.exe [1204:1236] 000007fefc821a70
Thread C:\Windows\system32\svchost.exe [1204:1252] 000007fefc821a70
Thread C:\Windows\system32\svchost.exe [1204:1276] 000007fefa302c70
Thread C:\Windows\system32\svchost.exe [1204:1288] 000007fefa30fb40
Thread C:\Windows\system32\svchost.exe [1204:1296] 000007fefa321d20
Thread C:\Windows\system32\svchost.exe [1204:1300] 000007fefa30f6f0
Thread C:\Windows\system32\svchost.exe [1204:1440] 000007fef9ef35c0
Thread C:\Windows\system32\svchost.exe [1204:2168] 000007fef9ef5600
Thread C:\Windows\system32\svchost.exe [1204:2308] 000007fef6cf2940
Thread C:\Windows\system32\svchost.exe [1204:2312] 000007fef6cd2888
Thread C:\Windows\system32\svchost.exe [1204:920] 000007fef6cd2a40
Thread C:\Windows\System32\svchost.exe [1820:2420] 000007fefabf9688
Thread C:\Windows\system32\taskhost.exe [1108:1520] 000007fef78d2740
Thread C:\Windows\system32\taskhost.exe [1108:1848] 000007fef7871f38
Thread C:\Windows\system32\taskhost.exe [1108:2016] 000007fef9541010
Thread C:\Windows\Explorer.EXE [1476:2568] 000007fef6852154
Thread C:\Windows\Explorer.EXE [1476:2892] 000007fefb8f6204
Thread C:\Windows\Explorer.EXE [1476:2620] 000007fef2db2118
Thread C:\Windows\Explorer.EXE [1476:2172] 000007fefeb76448
Thread C:\Windows\system32\svchost.exe [2748:1036] 000007fef34d8470
Thread C:\Windows\system32\svchost.exe [2748:2872] 000007fef34e2418
Thread C:\Windows\system32\svchost.exe [2748:2552] 000007fef5945fd0
Thread C:\Windows\system32\svchost.exe [2748:2544] 000007fef59463ec
Thread C:\Windows\system32\DllHost.exe [376:2760] 000007fef81e5170
Thread C:\Users\Adrian\Desktop\30,11,2014\LeagueSharp.Loader.exe [1816:2280] 000000007300aec5
Thread C:\Users\Adrian\Desktop\30,11,2014\LeagueSharp.Loader.exe [1816:3104] 00000000750de771
Thread C:\Users\Adrian\Desktop\30,11,2014\LeagueSharp.Loader.exe [1816:4084] 0000000061cd55e7
Thread C:\Users\Adrian\Desktop\30,11,2014\LeagueSharp.Loader.exe [1816:3292] 000000006171e99b
Thread C:\Users\Adrian\Desktop\30,11,2014\LeagueSharp.Loader.exe [1816:1356] 00000000720d32fb
Thread C:\Users\Adrian\Desktop\30,11,2014\LeagueSharp.Loader.exe [1816:3940] 000000006171e99b
Thread C:\Users\Adrian\Desktop\30,11,2014\LeagueSharp.Loader.exe [1816:612] 000000006171e99b
Thread C:\Users\Adrian\Desktop\30,11,2014\LeagueSharp.Loader.exe [1816:1184] 0000000066e9784b
Thread [1752:3584] 000000005e434abd
Thread [1752:1880] 000000005b2bd1c0
Thread [1752:3452] 000000005b2bd1c0
Thread [1752:2936] 0000000077232e65
Thread [1752:3920] 0000000077233e85
Thread [1752:3076] 000000005b2bd1c0
Thread [1752:3196] 000000005b2bd1c0
Thread [1752:3612] 00000000624e27e1
Thread [1752:3696] 0000000077233e85

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3531A543-B57D-3BC6-DCA3-B9E41B275812}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3531A543-B57D-3BC6-DCA3-B9E41B275812}@maildnacpdpeldolcojpcadfnp 0x6F 0x61 0x62 0x65 ...

---- Files - GMER 2.1 ----

File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\h2fdfb30.default-1417299248548\cache2\entries\BB80147F07E736DF5F5ED72BE83E5AFFB07BA48B 3469 bytes
File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\h2fdfb30.default-1417299248548\cache2\entries\F2F23A042C677405CDF00DB68CC1E0117B15E4EF 0 bytes
File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\h2fdfb30.default-1417299248548\cache2\entries\A96829F6E9C188467FFB454DF118AA96EB239BFE 4235 bytes
File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\h2fdfb30.default-1417299248548\cache2\entries\A1185054918A217461B2A48CAE92EA598A084133 0 bytes
File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\h2fdfb30.default-1417299248548\cache2\entries\12DBADD24644762FD4E1ED01E61B5DB7A2EB7BBE 225352 bytes
File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\h2fdfb30.default-1417299248548\cache2\entries\B8E5BBDFCCE7C7D04D08EC838F1D199BED4FD890 3374 bytes
File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\h2fdfb30.default-1417299248548\cache2\entries\B29A4F9C0576577C394D4CE72AF992C78B4BFD59 3553 bytes
File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\h2fdfb30.default-1417299248548\cache2\entries\4CD7DDA20579BA37DD819C9040493025457B3E72 34198 bytes
File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\h2fdfb30.default-1417299248548\cache2\entries\ADBEDC7DCF5603EAD4D399A80E099F2018B20766 3441 bytes

---- EOF - GMER 2.1 ----
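The log above is raw GMER output, and the entries an analyst actually needs to pull out of it (the thread block whose process image GMER left blank, thread entries backed by images outside C:\Windows, and the registry value that GMER rendered as hex bytes) are easy to miss in a flat dump. The following script is an added example, written for this page; it is not part of GMER and not something the poster ran. It parses the GMER 2.1 text format as it appears here (the "Thread image [pid:tid] address", "Reg key@value data" and "File path N bytes" line shapes), decodes the hex rendering of the registry data, and lists the items to chase up. The sample log embedded in it is a constructed subset of the lines from the report above; the function names and the triage heuristics are this example's own assumptions, not GMER's.

```python
"""Parse a GMER 2.1 text log and list the entries that merit a second look.

Added example for this page; not GMER's own code and not the poster's.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the GMER log above.
# The full log has ~120 thread entries; the line shapes are identical.
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-02 00:36:37
Windows 6.1.7601 Service Pack 1 x64
Running: ejhf2v31.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\uxldrpod.sys

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [880:908]   000007fefbd8dc50
Thread  C:\Windows\System32\svchost.exe [880:912]   000007fefbda28b0
Thread  C:\Users\Adrian\Desktop\30,11,2014\LeagueSharp.Loader.exe [1816:2280]   000000007300aec5
Thread  [1752:3584]   000000005e434abd
Thread  [1752:1880]   000000005b2bd1c0
Thread  [1752:3452]   000000005b2bd1c0

---- Registry - GMER 2.1 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3531A543-B57D-3BC6-DCA3-B9E41B275812}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3531A543-B57D-3BC6-DCA3-B9E41B275812}@maildnacpdpeldolcojpcadfnp  0x6F 0x61 0x62 0x65 ...

---- Files - GMER 2.1 ----

File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\h2fdfb30.default-1417299248548\cache2\entries\BB80147F07E736DF5F5ED72BE83E5AFFB07BA48B  3469 bytes

---- EOF - GMER 2.1 ----
"""

# "Thread  <image or nothing> [pid:tid]   <start address>"
THREAD_RE = re.compile(r"^Thread\s+(?P<image>.*?)\s*\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-fA-F]+)\s*$")
# "File  <path>  <size> bytes"
FILE_RE = re.compile(r"^File\s+(?P<path>.*?)\s+(?P<size>\d+) bytes\s*$")
# "Running: <renamed gmer exe>; Driver: <gmer's randomly named driver>"
DRIVER_RE = re.compile(r"^Running:\s*(?P<exe>\S+);\s*Driver:\s*(?P<drv>.*\S)\s*$")


def parse_gmer(text):
    """Return a dict with the header fields and the Thread/Reg/File entries."""
    report = {"running": None, "driver": None, "threads": [], "registry": [], "files": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):      # blank lines and section banners
            continue
        m = DRIVER_RE.match(line)
        if m:
            report["running"], report["driver"] = m.group("exe"), m.group("drv")
            continue
        m = THREAD_RE.match(line)
        if m:
            report["threads"].append({"image": m.group("image"), "pid": int(m.group("pid")),
                                      "tid": int(m.group("tid")), "addr": int(m.group("addr"), 16)})
            continue
        m = FILE_RE.match(line)
        if m:
            report["files"].append({"path": m.group("path"), "size": int(m.group("size"))})
            continue
        if line.startswith("Reg "):
            # "Reg  <key>" or "Reg  <key>@<value name>  <data>"
            body = line[4:].strip()
            key, value, data = body, None, None
            if "@" in body:
                key, rest = body.split("@", 1)
                parts = rest.split(None, 1)
                value = parts[0]
                data = parts[1].strip() if len(parts) > 1 else None
            report["registry"].append({"key": key, "value": value, "data": data})
    return report


def threads_by_pid(report):
    by_pid = defaultdict(list)
    for t in report["threads"]:
        by_pid[t["pid"]].append(t)
    return dict(by_pid)


def unresolved_pids(report):
    """PIDs for which GMER printed no image path at all (e.g. 1752 in the log above)."""
    return sorted({t["pid"] for t in report["threads"] if not t["image"]})


def nonsystem_images(report):
    """Images backing thread entries that live outside C:\\Windows."""
    return sorted({t["image"] for t in report["threads"]
                   if t["image"] and not t["image"].lower().startswith("c:\\windows\\")})


def decode_hex_data(data):
    """Turn GMER's '0x6F 0x61 ...' rendering into bytes and flag a trailing '...' truncation."""
    tokens = data.split()
    truncated = bool(tokens) and tokens[-1] == "..."
    raw = bytes(int(tok, 16) for tok in tokens if tok.startswith("0x"))
    return raw, truncated


def triage(report):
    """One line per item worth checking, in the order an analyst would read them."""
    findings = []
    if report["driver"]:
        # GMER installs its own scan driver under a random name; expected, not a finding.
        findings.append(f"GMER scan driver (randomly named, expected): {report['driver']}")
    by_pid = threads_by_pid(report)
    for pid in unresolved_pids(report):
        findings.append(f"PID {pid}: {len(by_pid[pid])} thread(s) with no image path; "
                        "confirm the process in a live process list")
    for image in nonsystem_images(report):
        findings.append(f"threads backed by a non-system image: {image}")
    for e in report["registry"]:
        if e["value"] is not None and e["data"]:
            raw, trunc = decode_hex_data(e["data"])
            findings.append(f"{e['key']} value {e['value']!r} begins with {raw!r}"
                            + (" (GMER truncated the data)" if trunc else ""))
    return findings


if __name__ == "__main__":
    for line in triage(parse_gmer(SAMPLE_LOG)):
        print(line)
```

Feed it the full log (the Thread lines keep the same shape) and it groups the blank-image threads under PID 1752, separates the user-profile image from the C:\Windows ones, and shows that the hex GMER printed for the Approved-extension value is ordinary ASCII that GMER cut off after four bytes, so the value has to be read from the live registry to see the rest.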