GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-29 20:03:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000064 ST320LT0 rev.0003 298,09GB
Running: k2b8npbx.exe; Driver: C:\Users\Jola\AppData\Local\Temp\kftcraog.sys


---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:2848]   0000000075b37587
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:2724]   0000000077901415
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:3004]   0000000073b6345e
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:2988]   00000000749c785a
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:3584]   0000000073b6345e
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:3588]   000000007466ff83
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:3652]   000000007466ff83
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:3656]   0000000074666447
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:3660]   0000000073b6345e
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:4020]   000000007497247a
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:296]    0000000073b6345e
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:4128]   0000000073b6345e
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2708:4492]   0000000077912855
Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3596:4116]   0000000075b37587
Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3596:4120]   0000000077901415
Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3596:4124]   0000000077912855
Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3596:5112]   00000000651a4cab
Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3596:2244]   00000000651b6471
Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3596:700]    0000000077912855

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{418EA28C-30AF-4206-BA91-1E78F91B0F2C}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2768]   000007fedfd80000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2391d84
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2391d84 (not active ControlSet)
Reg  HKLM\SYSTEM\Setup\MoSetup@CorrelationVector   9YYNJC1+jEyb08KH.5
Reg  HKLM\SYSTEM\Setup\MoSetup\Volatile@BoxHash   86D8E50A8EC8974B0E10ED40DC873380B5A0327F
Reg  HKLM\SYSTEM\Setup\MoSetup\Volatile@InstallTicks   269
Reg  HKLM\SYSTEM\Setup\MoSetup\Volatile@BoxResult   0

---- Files - GMER 2.1 ----

File  C:\ProgramData\Microsoft\RAC\Temp\sqlEE75.tmp   20480 bytes
File  C:\ProgramData\Microsoft\RAC\Temp\sqlF172.tmp   20480 bytes

---- EOF - GMER 2.1 ----