GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-23 00:14:31
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\0000006a ST1000LM rev.DEMA 931,51GB
Running: bx1bczun.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\uxlcypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000076be1401 2 bytes JMP 7630b20b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000076be1419 2 bytes JMP 7630b336 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000076be1431 2 bytes JMP 76388f39 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000076be144a 2 bytes CALL 762e4885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                          * 9
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000076be14dd 2 bytes JMP 76388832 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000076be14f5 2 bytes JMP 76388a08 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000076be150d 2 bytes JMP 76388728 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076be1525 2 bytes JMP 76388af2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000076be153d 2 bytes JMP 762ffc98 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000076be1555 2 bytes JMP 763068df C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000076be156d 2 bytes JMP 76388ff1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000076be1585 2 bytes JMP 76388b52 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000076be159d 2 bytes JMP 763886ec C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000076be15b5 2 bytes JMP 762ffd31 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000076be15cd 2 bytes JMP 7630b2cc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000076be16b2 2 bytes JMP 76388eb4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000076be16bd 2 bytes JMP 76388681 C:\Windows\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\system32\mfevtps.exe[2472] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f05bbe0] C:\Windows\system32\mfevtps.exe

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\80000b638ca5
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\80000b638ca5 (not active ControlSet)

---- EOF - GMER 2.1 ----
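The entries above follow GMER's fixed layout for user-mode hooks: `.text  <process>[<pid>] <module>!<function> + <offset>  <address> <N> bytes JMP|CALL <target> <target module>`, with runs of similar entries collapsed into `.text ... * N`, and IAT slots written as `IAT  <process>[<pid>] @ <module>[<import>!<function>] [<slot value>] <target module>`. Two things a reader should know when triaging a log like this: on Windows 7 x64 the SysWOW64 psapi.dll exports are short stubs that jump into kernel32.dll, so the run of `PSAPI.DLL!... + 17 2 bytes JMP ... kernel32.dll` lines shows up in GMER logs of clean machines as well; and an IAT slot that points back into the process's own image (here mfevtps.exe) is the self-hooking pattern security products commonly use. The script below is an added example, not part of GMER or of the original post: it parses those three entry forms with regular expressions written from the layout visible in this log, counts hooks per process, and applies the two heuristics above plus a generic "review" label to everything else. The sample entries are copied from the log above; the `triage` labels are my own assumptions and are starting points for review, not verdicts.

```python
"""Parse and triage GMER 2.1 user-mode hook entries (added example, not GMER code)."""
import os
import re
from collections import Counter
from dataclasses import dataclass

# ".text" inline-hook entries: process[pid] module!func + off  addr  N bytes JMP|CALL target  target_module
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!]+?)!(?P<func>\S+?)\s*\+\s*(?P<off>\d+)\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes\s+"
    r"(?P<instr>JMP|CALL)\s+(?P<target>[0-9a-fA-F]+)\s+(?P<target_mod>\S.*?)\s*$"
)
# GMER collapses a run of similar entries into ".text ... * N"
COLLAPSED_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s+(?P<n>\d+)\s*$")
# "IAT" entries: process[pid] @ module[import!func] [slot value] target_module
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>\S+?)\["
    r"(?P<import>[^!\]]+)!(?P<func>[^\]]+)\]\s+\[(?P<addr>[0-9a-fA-F]+)\]\s+(?P<target_mod>\S.*?)\s*$"
)


@dataclass
class Hook:
    kind: str         # "inline" (.text patch) or "iat" (import slot)
    proc: str         # process image path
    pid: int
    module: str       # module whose code or import slot was changed
    func: str         # hooked export, or "import!func" for IAT slots
    target_mod: str   # module the hook lands in
    instr: str = ""
    offset: int = 0
    size: int = 0
    addr: str = ""
    target: str = ""


def _base(path: str) -> str:
    """Lower-case file name of a Windows path (works on non-Windows hosts too)."""
    return os.path.basename(path.replace("\\", "/")).lower()


def parse_line(line: str):
    """Return a Hook, an int (count of a collapsed run), or None for other lines."""
    line = line.strip()
    m = COLLAPSED_RE.match(line)
    if m:
        return int(m["n"])
    m = HOOK_RE.match(line)
    if m:
        return Hook("inline", m["proc"].strip(), int(m["pid"]), m["module"].strip(), m["func"],
                    m["target_mod"], m["instr"], int(m["off"]), int(m["size"]),
                    m["addr"].lower(), m["target"].lower())
    m = IAT_RE.match(line)
    if m:
        return Hook("iat", m["proc"].strip(), int(m["pid"]), m["module"],
                    f'{m["import"]}!{m["func"]}', m["target_mod"], addr=m["addr"].lower())
    return None


def triage(h: Hook) -> str:
    """Heuristic labels (assumed by this example); each one is a starting point for review."""
    hooked, target, image = _base(h.module), _base(h.target_mod), _base(h.proc)
    if target == image:
        return "self-hook: target is the process's own image (common for security products)"
    if hooked == "psapi.dll" and target == "kernel32.dll" and "syswow64" in h.module.lower():
        return "psapi.dll stub into kernel32.dll (expected for WOW64 psapi.dll on Windows 7)"
    if hooked == target:
        return "in-module patch: review"
    return "cross-module redirect: verify the target module on disk"


def parse_log(text: str):
    hooks, collapsed = [], 0
    for line in text.splitlines():
        r = parse_line(line)
        if isinstance(r, Hook):
            hooks.append(r)
        elif isinstance(r, int):
            collapsed += r
    return hooks, collapsed


def summarize(text: str) -> dict:
    hooks, collapsed = parse_log(text)
    per_proc = Counter(f"{_base(h.proc)}[{h.pid}]" for h in hooks)
    labels = Counter(triage(h) for h in hooks)
    return {"hooks": len(hooks), "collapsed": collapsed,
            "per_process": dict(per_proc), "labels": dict(labels)}


# Entries copied from the log above, one per line as GMER writes them.
SAMPLE = r"""
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000076be1401 2 bytes JMP 7630b20b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000076be144a 2 bytes CALL 762e4885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                      * 9
IAT    C:\Windows\system32\mfevtps.exe[2472] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f05bbe0] C:\Windows\system32\mfevtps.exe
"""

if __name__ == "__main__":
    for h in parse_log(SAMPLE)[0]:
        print(f"{h.kind:6} {_base(h.proc)}[{h.pid}] {h.func:<28} -> {_base(h.target_mod):<14} {triage(h)}")
    print(summarize(SAMPLE))
```

Run it against a full GMER log by passing the file contents to `summarize`; the `collapsed` count is the number of entries GMER folded into `* N` lines, which is easy to overlook when counting hooks by hand. Anything labelled "review" deserves the usual follow-up (hash the target module, check its signature and path). The `Reg` entries under `BTHPORT\Parameters\Keys` in this log are the Bluetooth link-key store, which GMER lists whenever a device has been paired; they are not parsed here because there is nothing to triage in them beyond that.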