GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-30 17:45:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542525K9SA00 rev.BBFOC31P
Running: gmer.exe; Driver: C:\Users\Radzio\AppData\Local\Temp\pxdiqpow.sys

---- Kernel code sections - GMER 1.0.15 ----

.INIT C:\Windows\System32\DRIVERS\netbt.sys entry point in ".INIT" section [0x8E7CE322]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3252] USER32.dll!InSendMessageEx + 4C9 762BE7C8 7 Bytes JMP 00A03460 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3252] USER32.dll!CreateIconFromResourceEx + 340 762C0E45 7 Bytes JMP 00A03310 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3252] USER32.dll!DdeQueryStringW + 5CE 762DFA2D 7 Bytes JMP 00A03440 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3252] USER32.dll!MessageBoxIndirectA + F5 7630D5CE 7 Bytes JMP 00A034B0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3252] USER32.dll!MessageBoxIndirectW + 61 7630D634 7 Bytes JMP 00A03580 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3252] USER32.dll!MessageBoxExA + 1F 7630D658 7 Bytes JMP 00A03530 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7472A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74708395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [746DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7475CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [746FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\0000006c bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device \Driver\00000717 \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 869C9B80

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0030914011e4
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0030914011e4@58170cf4cebe 0x8E 0x5A 0x28 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0030914011e4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0030914011e4@58170cf4cebe 0x8E 0x5A 0x28 0xD9 ...

---- EOF - GMER 1.0.15 ----