GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-17 22:47:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0004 298,09GB
Running: d8jc4rnm.exe; Driver: C:\Users\Madzia\AppData\Local\Temp\pwdiapow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1792] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075251465 2 bytes [25, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1792] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000752514bb 2 bytes [25, 75]
.text ... * 2
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075251465 2 bytes [25, 75]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752514bb 2 bytes [25, 75]
.text ... * 2
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075251465 2 bytes [25, 75]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752514bb 2 bytes [25, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1200:2408] 000007fef2135170
Thread C:\Windows\system32\svchost.exe [1200:3080] 000007feeb7783d8
Thread C:\Windows\system32\svchost.exe [1200:3480] 000007feeb7783d8
Thread C:\Windows\system32\svchost.exe [1200:772] 000007feeb6b3f1c
Thread C:\Windows\system32\svchost.exe [1200:1720] 000007fefa8b22b8
Thread C:\Windows\system32\svchost.exe [1200:3544] 000007fefa8b1a38
Thread C:\Windows\system32\svchost.exe [1200:1724] 000007fefa585388
Thread C:\Windows\system32\svchost.exe [1200:2308] 000007fefa567738
Thread C:\Windows\system32\svchost.exe [1200:2320] 000007fefa361f90
Thread C:\Windows\System32\svchost.exe [2056:2468] 000007feea329688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1952:3416] 000007fefb112a7c

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024337515e6
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00243388de53
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@60d0a9564a5a 0x3A 0xE2 0x46 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@001a6bee8b96 0x8E 0x7B 0x7F 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@002567d495cf 0x84 0xCA 0xE4 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@945103fb917c 0x8C 0x91 0x2C 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@58c38be58201 0x74 0xA8 0x19 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@78471d495d8c 0x41 0xFC 0x81 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@30392645ef84 0x67 0x84 0x31 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@4c809302b0f1 0x36 0xB7 0xE5 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@e440e218b195 0x19 0xAC 0x06 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024337515e6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00243388de53 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@60d0a9564a5a 0x3A 0xE2 0x46 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@001a6bee8b96 0x8E 0x7B 0x7F 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@002567d495cf 0x84 0xCA 0xE4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@945103fb917c 0x8C 0x91 0x2C 0xE7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@58c38be58201 0x74 0xA8 0x19 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@78471d495d8c 0x41 0xFC 0x81 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@30392645ef84 0x67 0x84 0x31 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@4c809302b0f1 0x36 0xB7 0xE5 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@e440e218b195 0x19 0xAC 0x06 0xF3 ...

---- Files - GMER 2.1 ----

File C:\Users\Madzia\Desktop\avast.png 10028 bytes

---- EOF - GMER 2.1 ----