GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-15 13:40:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000079 ST320LM0 rev.2AR1 298,09GB
Running: 4w6qvtr9.exe; Driver: C:\Users\Maciej\AppData\Local\Temp\awrdrpog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff800033f9000 64 bytes [00, D0, B1, 09, 80, FA, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594  fffff800033f9042 10 bytes [00, 00, A0, F8, FF, FF, 01, ...]

---- Processes - GMER 2.1 ----

Process  C:\Users\Maciej\AppData\Roaming\SubFolderName\FileName.exe (*** suspicious ***) @ C:\Users\Maciej\AppData\Roaming\SubFolderName\FileName.exe [5076] (CyberLink )(2014-01-21 21:43:03)  0000000000400000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dc4fa8e
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dc4fa8e@b80305aa9717  0xA5 0xBC 0x02 0xC5 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773702cb9a
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dc4fa8e (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dc4fa8e@b80305aa9717  0xA5 0xBC 0x02 0xC5 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773702cb9a (not active ControlSet)

---- EOF - GMER 2.1 ----