GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-01 13:33:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000062 WDC_WD25 rev.11.0 232,89GB
Running: x246rl52.exe; Driver: C:\Users\WIESAW~1\AppData\Local\Temp\pwliafoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f81465 2 bytes [F8, 75]
.text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f814bb 2 bytes [F8, 75]
.text ... * 2
.text C:\Users\Wiesław\Desktop\FIX\PROCESSEXPLORER\PROCEXP.EXE[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f81465 2 bytes [F8, 75]
.text C:\Users\Wiesław\Desktop\FIX\PROCESSEXPLORER\PROCEXP.EXE[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f814bb 2 bytes [F8, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [912:1852] 000007fef6250ea8
Thread C:\Windows\system32\svchost.exe [912:1856] 000007fef6249db0
Thread C:\Windows\system32\svchost.exe [912:1928] 000007fef6251c94
Thread C:\Windows\system32\svchost.exe [912:3620] 000007fef624aa10
Thread C:\Windows\System32\svchost.exe [2004:3092] 000007fef7da9688

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002185825df4
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002185825df4 (not active ControlSet)

---- EOF - GMER 2.1 ----