GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-21 19:50:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: 69237xn5.exe; Driver: C:\Users\media\AppData\Local\Temp\fwddikob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 532  fffff800037f2004 23 bytes [48, 89, 5C, 24, 08, 57, 48, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 556  fffff800037f201c 33 bytes {CMP EDX, ECX; JNZ 0xb; XOR EAX, EAX; JMP 0x90}

---- User code sections - GMER 2.1 ----

.text  C:\Users\media\Desktop\Nowy folder\OTL.exe[1124] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 69   0000000076391465 2 bytes [39, 76]
.text  C:\Users\media\Desktop\Nowy folder\OTL.exe[1124] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 155  00000000763914bb 2 bytes [39, 76]
.text  ...  * 2

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA1CA065-83AE-4EFD-82A1-5B99DDD56A0A}\offreg.dll (*** suspicious ***) @ C:\windows\System32\svchost.exe [1364](2014-02-21 18:14:09)  000007fefbf70000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----