GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-10 19:19:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: GMER.exe; Driver: C:\Users\Paulinka\AppData\Local\Temp\ffldypog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003807000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000380702f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [3444:1448] 000007feee4e9688

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a107a4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a107a4@78595ec0473d 0x48 0xF6 0x2E 0xAC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a107a4@7c61935009a6 0xAB 0x80 0x43 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a107a4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a107a4@78595ec0473d 0x48 0xF6 0x2E 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a107a4@7c61935009a6 0xAB 0x80 0x43 0xC5 ...

---- EOF - GMER 2.1 ----