GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-21 20:11:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0002 465,76GB
Running: uwtwo5db.exe; Driver: C:\Users\iwa\AppData\Local\Temp\uxriipow.sys

---- Processes - GMER 2.1 ----

Library  C:\Users\iwa\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1096] (Copy Shell Extensions/Barracuda Networks, Inc.)(2013-05-18 19:37:47)  000007fef9dc0000
Library  C:\Users\iwa\AppData\Roaming\Copy\overlay\Brt.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1096](2013-05-18 19:37:47)                                                         000007fef93e0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00116774d494                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00116774d494@0cddef46d49b                                                                                             0x7B 0xD8 0x44 0xF0 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00116774d494@8c3ae3c7d8a2                                                                                             0x1B 0x59 0x62 0x41 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations@SymbolicLinkValue                                                                                                0x5C 0x00 0x52 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Data@SymbolicLinkValue                                                                                                          0x5C 0x00 0x52 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Options@SymbolicLinkValue                                                                                                       0x5C 0x00 0x52 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00116774d494 (not active ControlSet)                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00116774d494@0cddef46d49b                                                                                                 0x7B 0xD8 0x44 0xF0 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00116774d494@8c3ae3c7d8a2                                                                                                 0x1B 0x59 0x62 0x41 ...
Reg      HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations@SymbolicLinkValue                                                                                                    0x5C 0x00 0x52 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Data@SymbolicLinkValue                                                                                                              0x5C 0x00 0x52 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Options@SymbolicLinkValue                                                                                                           0x5C 0x00 0x52 0x00 ...
Reg      HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue                                                                                                                                    0x5C 0x00 0x52 0x00 ...
Reg      HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue                                                                                                                           0x5C 0x00 0x52 0x00 ...

---- EOF - GMER 2.1 ----