GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-18 21:57:26
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 ST316081 rev.3.AA
Running: mbt672s8.exe; Driver: C:\DOCUME~1\HLTV~1.PRO\USTAWI~1\Temp\kwldrpow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwAllocateVirtualMemory [0xB7D544D4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwAssignProcessToJobObject [0xB7D54E3A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwConnectPort [0xB7D55B60]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateFile [0xB7D5571E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateKey [0xB7D56124]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateProcess [0xB7D55056]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateProcessEx [0xB7D5510C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateSection [0xB7D552CE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateThread [0xB7D53EC4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwDeviceIoControlFile [0xB7D562A0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwDuplicateObject [0xB7D5986A]
SSDT spim.sys ZwEnumerateKey [0xF72ACDA4]
SSDT spim.sys ZwEnumerateValueKey [0xF72AD132]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwFsControlFile [0xB7D56556]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwLoadDriver [0xB7D548B0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwMakeTemporaryObject [0xB7D56DB0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwOpenFile [0xB7D5560A]
SSDT spim.sys ZwOpenKey [0xF72940C0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwOpenProcess [0xB7D59340]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwOpenSection [0xB7D551C6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwOpenThread [0xB7D595A4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwProtectVirtualMemory [0xB7D54374]
SSDT spim.sys ZwQueryKey [0xF72AD20A]
SSDT spim.sys ZwQueryValueKey [0xF72AD08A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwQueueApcThread [0xB7D54F46]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwReplaceKey [0xB7D56C20]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwRequestPort [0xB7D55CC6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwRequestWaitReplyPort [0xB7D55840]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwRestoreKey [0xB7D56CA4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSecureConnectPort [0xB7D55FBC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSetContextThread [0xB7D54020]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSetSecurityObject [0xB7D56B86]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSetSystemInformation [0xB7D54A54]
SSDT spim.sys ZwSetValueKey [0xF72AD29C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwShutdownSystem [0xB7D56D28]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSuspendProcess [0xB7D5426C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSuspendThread [0xB7D54164]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSystemDebugControl [0xB7D54D78]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwTerminateProcess [0xB7D59242]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwTerminateThread [0xB7D59A28]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwWriteVirtualMemory [0xB7D53D64]

INT 0x62 ? 865DFBF8
INT 0x73 ? 865E2BF8
INT 0xB4 ? 8622FBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 12 Bytes [6C, 42, D5, B7, 64, 41, D5, ...]
? spim.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload F279F62C 5 Bytes JMP 8622F1D8
.text C:\windows\system32\DRIVERS\nv4_mini.sys section is writeable [0xF18EB380, 0x8D6CD5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!SetWindowLongA 77D3DED3 5 Bytes JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!SetWindowLongW 77D3DEF1 5 Bytes JMP 106AC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3272] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01262EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtClose + 5 7C90D58B 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtCreateEvent + 5 7C90D65D 5 Bytes JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 60032050 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtCreateMutant + 5 7C90D705 5 Bytes JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtCreateProcess + 5 7C90D759 5 Bytes JMP 6003203C C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtCreateProcessEx + 5 7C90D76E 5 Bytes JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtCreateSection + 5 7C90D798 5 Bytes JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6003200A C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtDeleteKey + 5 7C90D8A9 5 Bytes JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtDuplicateObject + 5 7C90D912 5 Bytes JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtLoadDriver + 5 7C90DB73 5 Bytes JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 60032000 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6003205A C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtOpenProcess + 5 7C90DD80 5 Bytes JMP 60032032 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtOpenSection + 5 7C90DDBF 5 Bytes JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtQueueApcThread + 5 7C90E242 5 Bytes JMP 60032046 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtUnmapViewOfSection + 5 7C90E965 5 Bytes JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtWriteFile + 5 7C90E9F8 5 Bytes JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!NtWriteVirtualMemory + 5 7C90EA37 5 Bytes JMP 6003201E C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ntdll.dll!RtlCreateProcessParameters 7C9233C1 5 Bytes JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E5 5 Bytes JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 60032064 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!SleepEx 7C80239C 5 Bytes JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!Sleep 7C802442 5 Bytes JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CloseHandle 7C809B77 5 Bytes JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!QueryPerformanceCounter 7C80A417 5 Bytes JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!FreeLibrary 7C80AA66 5 Bytes JMP 60032078 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 60031E8E C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 60032014 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 6003206E C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CreateFileW 7C810976 5 Bytes JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CreateDirectoryW 7C81E968 5 Bytes JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!SetFileAttributesW 7C81FC05 5 Bytes JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CopyFileExW 7C82EFF2 5 Bytes JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!PulseEvent 7C8340FE 5 Bytes JMP 60032082 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CheckRemoteDebuggerPresent 7C859902 5 Bytes JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CreateDirectoryExW 7C85A3DA 5 Bytes JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 60032028 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 5 Bytes JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!ReadConsoleA 7C8716CD 5 Bytes JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!ReadConsoleW 7C87171C 5 Bytes JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!ReadConsoleInputA 7C873183 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] KERNEL32.dll!ReadConsoleInputW 7C8731A6 5 Bytes JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 600320BE C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 6003208C C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] USER32.dll!GetMessageW 77D391A3 5 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] USER32.dll!PeekMessageW 77D39278 5 Bytes JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] USER32.dll!PeekMessageA 77D3CEFD 5 Bytes JMP 600320DC C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] USER32.dll!UserClientDllInitialize 77D40EB9 5 Bytes JMP 60032096 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] USER32.dll!GetMessageA 77D5EA45 5 Bytes JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 600320FA C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ADVAPI32.dll!RegQueryValueExW + 10C 77DC70D4 5 Bytes JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ADVAPI32.dll!OpenServiceW 77DD6165 5 Bytes JMP 60032118 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ADVAPI32.dll!ControlService 77DDB635 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ADVAPI32.dll!OpenServiceA 77DDB88C 2 Bytes JMP 60032122 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ADVAPI32.dll!OpenServiceA + 3 77DDB88F 2 Bytes [25, E8]
.text C:\windows\system32\RunDLL32.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 6003214A C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 60032104 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 6003210E C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 6003212C C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] SHELL32.dll!StrStrW 7C9DFA10 5 Bytes JMP 600320AA C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 5 Bytes JMP 60032154 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] WS2_32.dll!WEP 71A51273 5 Bytes JMP 6003215E C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 6003217C C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] WS2_32.dll!connect 71A5406A 5 Bytes JMP 60032190 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] WS2_32.dll!send 71A5428A 5 Bytes JMP 60032168 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] WS2_32.dll!gethostbyname 71A54FD4 5 Bytes JMP 60032186 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\windows\system32\RunDLL32.exe[3424] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 60032172 C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] spim.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] spim.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] spim.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] spim.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] spim.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72A4B90] spim.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 865711F8
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\usbohci \Device\USBPDO-0 862291F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 865731F8
Device \Driver\dmio \Device\DmControl\DmConfig 865731F8
Device \Driver\dmio \Device\DmControl\DmPnP 865731F8
Device \Driver\dmio \Device\DmControl\DmInfo 865731F8
Device \Driver\usbehci \Device\USBPDO-1 862281F8
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\Ftdisk \Device\HarddiskVolume1 865E01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 865E01F8
Device \Driver\Cdrom \Device\CdRom0 862241F8
Device \Driver\atapi \Device\Ide\IdePort0 865DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 865DF1F8
Device \Driver\atapi \Device\Ide\IdePort1 865DF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EDF5E921-F820-4E6A-B790-75B4150E4B01} 850061F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 850061F8
Device \Driver\NetBT \Device\NetbiosSmb 850061F8
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\usbohci \Device\USBFDO-0 862291F8
Device \Driver\usbehci \Device\USBFDO-1 862281F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84EAC1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84EAC1F8
Device \Driver\Ftdisk \Device\FtControl 865E01F8
Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0 865721F8
Device \Driver\nvgts \Device\Scsi\nvgts1 865721F8
Device \FileSystem\Cdfs \Cdfs 86157500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.15 ----