GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-10-30 22:20:27 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK1237GSX rev.DL132C Running: 33rpn8tw.exe; Driver: C:\Users\AGU~1\AppData\Local\Temp\pxldipow.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749F88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74A398A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749FB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749EFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749F7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749EEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A2B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749FBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749F074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749F06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749E71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A7D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A17379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749EE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749E697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749E69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749F2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001a6bb304c2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001a6bbc7e19 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bb304c2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbc7e19 Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bb304c2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bbc7e19 (not active ControlSet) ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\$NtUninstallKB13607$\1152157745 0 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566 0 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\@ 2048 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\L 0 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\L\qnbwvoto 71680 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\loader.tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\U 0 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\U\@00000001 45968 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\U\@000000c0 3584 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\U\@000000cb 3072 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\U\@000000cf 1536 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\U\@80000000 23040 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\U\@800000c0 35840 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\U\@800000cb 23552 bytes File C:\WINDOWS\$NtUninstallKB13607$\2098116566\U\@800000cf 27648 bytes ---- EOF - GMER 1.0.15 ----