GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-11 20:21:16
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: lq9krbri.exe; Driver: C:\Users\Olga\AppData\Local\Temp\aftcyaog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                    82E7A369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82EB3D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                              B204A000 154 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 502B                                                              B204A09B 135 Bytes  [8B, FF, 55, 8B, EC, E8, 31, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                              B204A123 629 Bytes  [55, 04, B2, FE, 05, 34, 55, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                              B204A399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                              B204A3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            ...                                                                                              

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[1820] SHELL32.dll!SHFormatDrive + 7D3                                    76894878 8 Bytes  [E0, 10, 60, 19, 00, 11, 60, ...] {LOOPNZ 0x12; PUSHA ; SBB [EAX], EAX; ADC [EAX+0x19], ESP}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000084                                                                  bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000086                                                                  bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\0000004e                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289ad6154                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                 788
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289ad6154 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----