GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-24 15:40:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0
Running: pfckq6x0.exe; Driver: C:\Users\Kiciucha\AppData\Local\Temp\kflyrkod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\tos_sps32.sys  section is writeable [0x8B95B480, 0x3C939, 0xE8000020]
.dsrt  C:\Windows\system32\DRIVERS\tos_sps32.sys  unknown last section [0x8B99C900, 0x3CA, 0x48000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]  [74267817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]  [742AB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]  [7426BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]  [7425F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]  [742675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]  [7425E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [742973F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]  [7426DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]  [7425FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]  [7425FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]  [742571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]  [742ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]  [7428C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]  [7425D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]  [74256853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]  [7425687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]  [74262AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\redist\Miles\mssdsp.flt  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\redist\Miles\msseax.flt  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\redist\Miles\mssmp3.asi  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Balance_of_Chaos.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Blood_on_the_Snow.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Castle_of_the_Gods.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Emerge.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\General_Conflict.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Hightower.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Killing_Fields.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Range.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Refill_Conflict.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Reinforcement_Conflict.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Stielstand.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Struggle.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Two_Hills.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Village_in_Squeeze.scn  1
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos\scenario\Multiplayer\Watch_over_Ford.scn  1

---- EOF - GMER 1.0.15 ----