GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-19 19:30:49
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: gmer.exe; Driver: C:\Users\Szczepan\AppData\Local\Temp\fxlcrpod.sys

---- User code sections - GMER 2.0 ----

.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076192a62 5 bytes JMP 0000000173ba4540
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077041401 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077041419 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077041431 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007704144a 2 bytes [04, 77]
.text ... * 9
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770414dd 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770414f5 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007704150d 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077041525 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007704153d 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077041555 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007704156d 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077041585 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007704159d 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770415b5 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770415cd 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770416b2 2 bytes [04, 77]
.text C:\Users\Szczepan\Desktop\gmer.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770416bd 2 bytes [04, 77]

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Windows\system32\mfevtps.exe[1152] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f3db9a0] C:\Windows\system32\mfevtps.exe

---- Threads - GMER 2.0 ----

Thread C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2544:3012] 00000000730717a4
Thread C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2544:4900] 0000000072d6345e
Thread C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2072:1316] 0000000010013c60
Thread C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2072:3276] 00000000730717a4
Thread C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2072:5616] 00000000100065d0
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3824] 0000000073db29e1
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3828] 0000000073db29e1
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3832] 0000000077cd2e3e
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3848] 0000000073db29e1
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3852] 0000000073db29e1
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3856] 0000000073db29e1
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3868] 0000000073db29e1
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3872] 0000000073db29e1
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3888] 0000000071591c7e
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3892] 0000000071591c7e
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3896] 0000000071591c7e
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3900] 0000000071591c7e
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3904] 0000000071591c7e
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3908] 0000000077cd3e59
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:3912] 0000000077cd3e59
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:2028] 0000000073db29e1
Thread C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [3808:5844] 0000000077cd3e59
Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [3920:3936] 0000000070b4ec1f
Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [3920:3940] 0000000070b97e6b
Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [3920:4280] 0000000072ec7861
Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [3920:4832] 0000000070ae24cb
Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [3920:2608] 0000000070b97e6b
Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [3920:2648] 0000000070ad60b7
Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [3920:5060] 0000000070d820ec
Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [3920:4544] 0000000070b97e6b
Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [3920:3160] 0000000070b97e6b
Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [3920:4820] 0000000070b97e6b
Thread C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [5024:4916] 00000000730717a4
Thread C:\Program Files (x86)\Opera\opera.exe [5404:5388] 0000000077cd2e3e
Thread C:\Program Files (x86)\Opera\opera.exe [5404:4808] 00000000665690a1
Thread C:\Program Files (x86)\Opera\opera.exe [5404:1180] 00000000664c7edf
Thread C:\Program Files (x86)\Opera\opera.exe [5404:3988] 00000000664c7edf
Thread C:\Program Files (x86)\Opera\opera.exe [5404:3996] 00000000664c7edf
Thread C:\Program Files (x86)\Opera\opera.exe [5404:5480] 00000000664c7edf
Thread C:\Program Files (x86)\Opera\opera.exe [5404:2776] 00000000664c7edf
Thread C:\Program Files (x86)\Opera\opera.exe [5404:5888] 00000000664c7edf
Thread C:\Program Files (x86)\Opera\opera.exe [5404:2532] 00000000664c7edf
Thread C:\Program Files (x86)\Opera\opera.exe [5404:2756] 00000000664c7edf
Thread C:\Program Files (x86)\Opera\opera.exe [5404:4316] 0000000075246f14
Thread C:\Program Files (x86)\Opera\opera.exe [5404:1920] 00000000756245e9
Thread C:\Program Files (x86)\Opera\opera.exe [5404:2508] 0000000077cd3e59
Thread C:\Program Files (x86)\Opera\opera.exe [5404:4464] 0000000077cd3e59
Thread C:\Program Files (x86)\Opera\opera.exe [5404:2816] 0000000077cd3e59
Thread C:\Program Files (x86)\Opera\opera.exe [5404:2320] 0000000077cd3e59

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2544] 0000000075750000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2072] 0000000075c40000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [5024] 0000000075c40000
Library ? (*** suspicious ***) @ C:\Users\Szczepan\Desktop\OTL.exe [984] 0000000073510000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbdfc241
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbfa1b8b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbfa1b8b@60d0a90e48a7 0x19 0xDA 0xA7 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbfa1b8b@d48890e01c10 0xB5 0xEF 0x7C 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbfa1b8b@8400d21b8b72 0xDB 0xAB 0x3E 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbdfc241 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbfa1b8b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbfa1b8b@60d0a90e48a7 0x19 0xDA 0xA7 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbfa1b8b@d48890e01c10 0xB5 0xEF 0x7C 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbfa1b8b@8400d21b8b72 0xDB 0xAB 0x3E 0xA4 ...

---- EOF - GMER 2.0 ----