GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-23 12:27:56 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB Running: 8n1frt40.exe; Driver: C:\Users\Bartek\AppData\Local\Temp\ufdiipow.sys ---- System - GMER 2.1 ---- INT 0x52 ? 86C77BF8 INT 0x62 ? 86C77BF8 INT 0x82 ? 86C77BF8 INT 0x92 ? 85350BF8 INT 0x92 ? 85350BF8 INT 0x92 ? 86C77BF8 INT 0x92 ? 85350BF8 INT 0xB2 ? 86C77BF8 INT 0xB2 ? 8534FBF8 INT 0xB2 ? 8534FBF8 INT 0xB2 ? 8534FBF8 INT 0xB2 ? 86C77BF8 ---- Kernel code sections - GMER 2.1 ---- ? System32\Drivers\spyw.sys System nie może odnaleźć określonej ścieżki. ! ? \Program Files\DAEMON Tools Lite\Engine.dll System nie może odnaleźć określonej ścieżki. ! ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74997817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749DB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7499BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7498F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7498E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749C73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7499DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7498FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7498FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7498D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74986853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7498687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74992AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 85CE61F8 AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys Device \Driver\BTHUSB \Device\0000008f bthport.sys Device \Driver\BTHUSB \Device\0000008f bthport.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys Device \Driver\netbt \Device\NetBT_Tcpip_{38DCA44C-4D0C-4EA8-84A7-4BFA04C6DEB7} 87318500 Device \Driver\volmgr \Device\VolMgrControl 853521F8 Device \Driver\usbuhci \Device\USBPDO-0 86CE11F8 Device \Driver\usbuhci \Device\USBPDO-1 86CE11F8 Device \Driver\usbuhci \Device\USBPDO-2 86CE11F8 Device \Driver\usbehci \Device\USBPDO-3 86C871F8 Device \Driver\USBSTOR \Device\000000a0 879DD1F8 Device \Driver\usbuhci \Device\USBPDO-4 86CE11F8 Device \Driver\USBSTOR \Device\000000a1 879DD1F8 Device \Driver\usbuhci \Device\USBPDO-5 86CE11F8 Device \Driver\USBSTOR \Device\000000a2 879DD1F8 Device \Driver\usbuhci \Device\USBPDO-6 86CE11F8 Device \Driver\volmgr \Device\HarddiskVolume1 853521F8 Device \Driver\USBSTOR \Device\000000a3 879DD1F8 Device \Driver\usbehci \Device\USBPDO-7 86C871F8 Device \Driver\volmgr \Device\HarddiskVolume2 853521F8 Device \Driver\cdrom \Device\CdRom0 86CF61F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85CE41F8 Device \Driver\atapi \Device\Ide\IdePort0 85CE41F8 Device \Driver\atapi \Device\Ide\IdePort1 85CE41F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85CE41F8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 85CE51F8 Device \Driver\msahci \Device\Ide\PciIde0Channel1 85CE51F8 Device \Driver\volmgr \Device\HarddiskVolume3 853521F8 Device \Driver\cdrom \Device\CdRom2 86CF61F8 Device \Driver\volmgr \Device\HarddiskVolume4 853521F8 Device \Driver\volmgr \Device\HarddiskVolume5 853521F8 Device \Driver\netbt \Device\NetBt_Wins_Export 87318500 Device \Driver\Smb \Device\NetbiosSmb 873091F8 Device \Driver\netbt \Device\NetBT_Tcpip_{47C94018-1D05-4DAB-A678-25953F30A8F4} 87318500 Device \Driver\iScsiPrt \Device\RaidPort0 86E131F8 Device \Driver\netbt \Device\NetBT_Tcpip_{E7F5CA4F-0A6C-4BF1-91D1-12DE94ECC57E} 87318500 Device \Driver\usbuhci \Device\USBFDO-0 86CE11F8 Device \Driver\usbuhci \Device\USBFDO-1 86CE11F8 Device \Driver\usbuhci \Device\USBFDO-2 86CE11F8 Device \Driver\usbehci \Device\USBFDO-3 86C871F8 Device \Driver\usbuhci \Device\USBFDO-4 86CE11F8 Device \Driver\usbuhci \Device\USBFDO-5 86CE11F8 Device \Driver\usbuhci \Device\USBFDO-6 86CE11F8 Device \Driver\usbehci \Device\USBFDO-7 86C871F8 Device \Driver\netbt \Device\NetBT_Tcpip_{CB0D53BA-248D-435B-980C-2AEE5431473B} 87318500 Device \Driver\JMCR \Device\Scsi\JMCR1 86C991F8 Device \Driver\JMCR \Device\Scsi\JMCR2 86C991F8 Device \Driver\JMCR \Device\Scsi\JMCR3 86C991F8 Device \Driver\BTHUSB \Device\0000008d bthport.sys Device \Driver\BTHUSB \Device\0000008d bthport.sys Device \FileSystem\cdfs \Cdfs 878851F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85ce41f8]<< 85ce41f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e45a0] 864e45a0 Trace 3 CLASSPNP.SYS[8abac8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d70b98] 85d70b98 Trace \Driver\atapi[0x85d6cb08] -> IRP_MJ_CREATE -> 0x85ce41f8 85ce41f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269f468a0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFA 0xBE 0xFA 0x87 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0xD5 0x34 0xCF ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269f468a0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFA 0xBE 0xFA 0x87 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x4E 0x68 0xBE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x82 0xC4 0x88 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x42 0x98 0xEC 0x0E ... ---- EOF - GMER 2.1 ----