GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-06 08:30:51 Windows 6.0.6002 Service Pack 2 Running: 06nwy2ks.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pwlcrpod.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1700] kernel32.dll!SetUnhandledExceptionFilter 76C5A84F 4 Bytes [C2, 04, 00, 00] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74977817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749CA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7497BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7496F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7496E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749A8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7497DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7496FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7496FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [749FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7499C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7496D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74966853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7496687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74972AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfc143842 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfc143842@002345d4f191 0xFD 0x0F 0x6B 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfc143842@00e091f8deaa 0xC1 0xE3 0x4F 0xF4 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bfc143842 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bfc143842@002345d4f191 0xFD 0x0F 0x6B 0x3E ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bfc143842@00e091f8deaa 0xC1 0xE3 0x4F 0xF4 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001bfc143842 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001bfc143842@002345d4f191 0xFD 0x0F 0x6B 0x3E ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001bfc143842@00e091f8deaa 0xC1 0xE3 0x4F 0xF4 ... ---- EOF - GMER 1.0.15 ----