GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-26 12:43:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: ly1sk99c.exe; Driver: C:\Users\DOMOWY\AppData\Local\Temp\axdiikoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3416]                                                 C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                 00000000734a11a8 2 bytes [4A, 73]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3416]                                                 C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21           00000000734a13a8 2 bytes [4A, 73]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3416]                                                 C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21               00000000734a1422 2 bytes [4A, 73]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3416]                                                 C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19        00000000734a1498 2 bytes [4A, 73]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3416]                                                 C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69         0000000075ef1465 2 bytes [EF, 75]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3416]                                                 C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155        0000000075ef14bb 2 bytes [EF, 75]
.text   ...                                                                                                                                                                * 2
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3292]       C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075ef1465 2 bytes [EF, 75]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3292]       C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000075ef14bb 2 bytes [EF, 75]
.text   ...                                                                                                                                                                * 2
.text   D:\POCZTA\KomaMail\Koma_Mail.exe[4832]                                                             C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075ef1465 2 bytes [EF, 75]
.text   D:\POCZTA\KomaMail\Koma_Mail.exe[4832]                                                             C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000075ef14bb 2 bytes [EF, 75]
.text   ...                                                                                                                                                                * 2

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68a0f7fe
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68a0f7fe@9420534e4634          0x3B 0x7D 0x53 0xFC ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68a0f7fe@3017c83c5e20          0x01 0xBC 0xBE 0xEA ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68a0f7fe@002266deef1a          0xC9 0xD2 0x27 0x9F ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68a0f7fe (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68a0f7fe@9420534e4634              0x3B 0x7D 0x53 0xFC ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68a0f7fe@3017c83c5e20              0x01 0xBC 0xBE 0xEA ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68a0f7fe@002266deef1a              0xC9 0xD2 0x27 0x9F ...

---- EOF - GMER 2.1 ----