GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-28 21:30:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST960813AS rev.3.BHD 55,90GB
Running: xo0ug4t9.exe; Driver: C:\Users\PATRYK\AppData\Local\Temp\kwrdipog.sys

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D   8287CA15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2   828B6212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\atikmdag.sys   section is writeable [0x8C609000, 0x2678C8, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1696] kernel32.dll!SetUnhandledExceptionFilter   763EF5AB 4 Bytes  [C2, 04, 00, 00]
.text  C:\Program Files\Internet Explorer\iexplore.exe[3560] shell32.DLL!RealDriveType + 173D   765CFD70 4 Bytes  [FB, D3, AD, 6D]
.text  C:\Program Files\Internet Explorer\iexplore.exe[3560] shell32.DLL!RealDriveType + 1745   765CFD78 8 Bytes  [13, 64, AC, 6D, 5E, D3, AD, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[3600] shell32.DLL!RealDriveType + 173D   765CFD70 4 Bytes  [FB, D3, AD, 6D]
.text  C:\Program Files\Internet Explorer\iexplore.exe[3600] shell32.DLL!RealDriveType + 1745   765CFD78 8 Bytes  [13, 64, AC, 6D, 5E, D3, AD, ...]

---- Devices - GMER 2.1 ----

Device  \Driver\BTHUSB \Device\0000007c   bthport.sys
Device  \Driver\BTHUSB \Device\0000007e   bthport.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b1817ac
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b1817ac (not active ControlSet)
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C287D8E-B554-49FB-9597-648692945529}
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C287D8E-B554-49FB-9597-648692945529}
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C287D8E-B554-49FB-9597-648692945529}@Path   \Microsoft\Windows Defender\MP Scheduled Scan
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C287D8E-B554-49FB-9597-648692945529}@Hash   0xD5 0xF0 0x90 0x80 ...
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C287D8E-B554-49FB-9597-648692945529}@Triggers   0x15 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C287D8E-B554-49FB-9597-648692945529}@DynamicInfo   0x03 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id   {3C287D8E-B554-49FB-9597-648692945529}

---- EOF - GMER 2.1 ----