GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-13 21:49:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: ee9ce9gs.exe; Driver: C:\Users\MICHA~1\AppData\Local\Temp\uwloypow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff80002ff1000 63 bytes [43, 4D, 33, 31, 05, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592  fffff80002ff1040 13 bytes [01, 80, AC, 16, A0, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text  D:\Programy\Avast\avastui.exe[3300] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000762a8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\AUDIODG.EXE [1060:5368]  00000000745e5e90
Thread  C:\Windows\system32\AUDIODG.EXE [1060:3780]  00000000745e6010
Thread  C:\Windows\system32\AUDIODG.EXE [1060:4516]  00000000745f8e8c
Thread  C:\Windows\system32\AUDIODG.EXE [1060:3848]  00000000745f8ff0

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller@Events  CreateSession
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9716be46d
Reg  HKLM\SYSTEM\CurrentControlSet\services\TrustedInstaller@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\services\TrustedInstaller
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9716be46d (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- Files - GMER 2.1 ----

File  C:\ProgramData\Microsoft\RAC\Temp\sqlD0EA.tmp  20480 bytes
File  C:\ProgramData\Microsoft\RAC\Temp\sqlD0FB.tmp  20480 bytes

---- EOF - GMER 2.1 ----