GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-10-16 23:35:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MH00 465,76GB
Running: m57g1hli.exe; Driver: C:\Users\Wojtek\AppData\Local\Temp\fgrcrfoc.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000164200 7 bytes [40, A3, F3, FF, 01, B5, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000164208 3 bytes [C0, 06, 02]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728918ccfb
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728918ccfb@f0e77e4dd9d0 0xBC 0xE3 0xDE 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728918ccfb@28987bee85a0 0x9F 0x25 0xA8 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728918ccfb@c4731e04b128 0xA1 0xFF 0x31 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728918ccfb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728918ccfb@f0e77e4dd9d0 0xBC 0xE3 0xDE 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728918ccfb@28987bee85a0 0x9F 0x25 0xA8 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728918ccfb@c4731e04b128 0xA1 0xFF 0x31 0xE9 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Wojtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWJTQHYL\aulauncher.exe 1

---- EOF - GMER 2.1 ----
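The log above is GMER's plain-text report: a header, then one entry per line under "---- <section> - GMER 2.1 ----" banners. The following parser is an added example, not GMER's own code and not part of the log; the column layout it assumes is inferred from the entries on this page and may not hold for other GMER versions. It turns the kernel-code-section and registry entries into records, checks that each patch's declared byte count matches the bytes GMER actually listed, and separates the Bluetooth link keys (Windows stores one per paired device under BTHPORT\Parameters\Keys\<adapter address>, named by the remote device address, and GMER lists them on most machines that have paired a device) from the remaining entries. The sample input is this page's scan re-entered one entry per line.

```python
"""Parser for GMER 2.x rootkit-scan logs (added example, not GMER's own code;
the column layout is inferred from the log on this page)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the entries of the scan above, one entry per line.
SAMPLE_LOG = r"""
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-10-16 23:35:02

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000164200 7 bytes [40, A3, F3, FF, 01, B5, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000164208 3 bytes [C0, 06, 02]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728918ccfb
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728918ccfb@f0e77e4dd9d0 0xBC 0xE3 0xDE 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728918ccfb@28987bee85a0 0x9F 0x25 0xA8 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728918ccfb@c4731e04b128 0xA1 0xFF 0x31 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728918ccfb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728918ccfb@f0e77e4dd9d0 0xBC 0xE3 0xDE 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728918ccfb@28987bee85a0 0x9F 0x25 0xA8 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728918ccfb@c4731e04b128 0xA1 0xFF 0x31 0xE9 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Wojtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWJTQHYL\aulauncher.exe 1

---- EOF - GMER 2.1 ----
"""


@dataclass
class CodePatch:
    section: str       # PE section name, e.g. ".text"
    module: str        # driver image on disk (assumed to contain no spaces)
    symbol: str        # nearest symbol plus offset, as GMER prints it
    address: int       # kernel virtual address of the modified bytes
    declared_len: int  # byte count GMER claims
    data: bytes        # bytes GMER actually listed


@dataclass
class RegEntry:
    key: str
    value: Optional[str] = None  # value name after '@', if any
    data: Optional[str] = None   # printed data; GMER truncates it with '...'
    note: Optional[str] = None   # e.g. "not active ControlSet"


@dataclass
class GmerReport:
    version: str = ""
    scan_time: str = ""
    code: List[CodePatch] = field(default_factory=list)
    registry: List[RegEntry] = field(default_factory=list)


SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
CODE_RE = re.compile(r"^(?P<section>\.\w+)\s+(?P<module>\S+?)!(?P<symbol>.*?)\s+"
                     r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<len>\d+) bytes \[(?P<bytes>[^\]]*)\]$")
NOTE_RE = re.compile(r"\s+\((?P<note>[^)]*)\)$")
# Data is the trailing run of hex bytes, integers or the '...' truncation marker;
# the value name (which may contain spaces) is everything before it.
DATA_RE = re.compile(r"^(?P<value>.*?)(?P<data>(?:\s+(?:0x[0-9A-Fa-f]{2}|\.\.\.|\d+))+)$")
BT_KEY_RE = re.compile(r"\\BTHPORT\\Parameters\\Keys\\(?P<adapter>[0-9a-fA-F]{12})$")


def parse_reg(line: str) -> RegEntry:
    body = line[len("Reg"):].strip()
    note = None
    m = NOTE_RE.search(body)
    if m:
        note, body = m.group("note"), body[:m.start()]
    key, sep, rest = body.partition("@")
    if not sep:
        return RegEntry(key, note=note)
    m = DATA_RE.match(rest)
    if m:
        return RegEntry(key, m.group("value"), m.group("data").strip(), note)
    return RegEntry(key, rest, None, note)


def parse_log(text: str) -> GmerReport:
    report, section = GmerReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
        elif section is None:  # header lines before the first banner
            if line.startswith("GMER "):
                report.version = line.split()[1]
            elif line.startswith("Rootkit scan "):
                report.scan_time = line[len("Rootkit scan "):]
        elif section == "Kernel code sections" and (m := CODE_RE.match(line)):
            data = bytes(int(b, 16) for b in m.group("bytes").split(",") if b.strip())
            report.code.append(CodePatch(m.group("section"), m.group("module"), m.group("symbol"),
                                         int(m.group("addr"), 16), int(m.group("len")), data))
        elif section == "Registry" and line.startswith("Reg "):
            report.registry.append(parse_reg(line))
    return report


def check_patch_lengths(report: GmerReport) -> List[str]:
    """Entries whose declared byte count disagrees with the bytes listed."""
    return [f"{p.module}!{p.symbol}: declared {p.declared_len}, listed {len(p.data)}"
            for p in report.code if p.declared_len != len(p.data)]


def bluetooth_link_keys(report: GmerReport) -> List[Tuple[str, str, bool]]:
    """(adapter address, paired device address, stored in the active ControlSet)."""
    out = []
    for e in report.registry:
        m = BT_KEY_RE.search(e.key)
        if m and e.value:
            out.append((m.group("adapter"), e.value, "\\CurrentControlSet\\" in e.key))
    return out


def persisted_compat_entries(report: GmerReport) -> List[str]:
    """Executables recorded under AppCompatFlags\\Compatibility Assistant\\Persisted."""
    return [e.value for e in report.registry
            if e.key.endswith(r"\AppCompatFlags\Compatibility Assistant\Persisted") and e.value]
```

Run on the sample, the two W32pServiceTable entries parse to contiguous addresses (0xfffff96000164200 for 7 bytes, 0xfffff96000164208 for 3) with consistent byte counts; whether those bytes are a hook or a benign difference has to be settled by comparing them with the on-disk win32k.sys image, which the log alone cannot do. The six link-key entries are the same three pairings seen in CurrentControlSet and in ControlSet002. The one entry left after that filtering is the Compatibility Assistant record for an executable run from the Temporary Internet Files cache, which is the item a responder would follow up on first.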