GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-13 17:46:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 596,17GB
Running: lishtsjv.exe; Driver: C:\Users\HOME\AppData\Local\Temp\kxliypow.sys

---- User code sections - GMER 2.1 ----

.text   C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076f61465 2 bytes [F6, 76]
.text   C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076f614bb 2 bytes [F6, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[3880] C:\Windows\syswow64\USER32.dll!DialogBoxParamW   000000007513cfca 5 bytes JMP 0000000172e14620
.text   C:\Program Files (x86)\AVG Secure Search\vprot.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076f61465 2 bytes [F6, 76]
.text   C:\Program Files (x86)\AVG Secure Search\vprot.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076f614bb 2 bytes [F6, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5480] C:\Windows\syswow64\USER32.dll!DialogBoxParamW   000000007513cfca 5 bytes JMP 0000000172e14620
.text   C:\Users\HOME\AppData\Roaming\Dropbox\bin\Dropbox.exe[5676] C:\Windows\syswow64\USER32.dll!DialogBoxParamW   000000007513cfca 5 bytes JMP 0000000172e14620
.text   C:\Users\HOME\Desktop\lishtsjv.exe[716] C:\Windows\syswow64\USER32.dll!DialogBoxParamW   000000007513cfca 5 bytes JMP 0000000172e14620
.text   C:\Users\HOME\Desktop\lishtsjv.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076f61465 2 bytes [F6, 76]
.text   C:\Users\HOME\Desktop\lishtsjv.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076f614bb 2 bytes [F6, 76]
.text   ...   * 2

---- User IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\system32\mfevtps.exe[2892] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA]   [13fe1c0c0] C:\Windows\system32\mfevtps.exe

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\DllHost.exe [3472:3536]   000000006f0028f0
Thread  C:\Windows\sysWOW64\wbem\wmiprvse.exe [6084:2316]   000000006c3f1070

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e59f0890
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78d4bf34
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e59f0890 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78d4bf34 (not active ControlSet)

---- EOF - GMER 2.1 ----