GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-07 19:26:54
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0041
Running: 0p5zsb2j.exe; Driver: C:\Users\Waldek\AppData\Local\Temp\ufdiqpob.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74BBA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74BECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74B8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d028a02
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fb33b68
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbceb41
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\001e3d028a02 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\00214fb33b68 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\00214fbceb41 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR@SkuComponents C:\Program Files\Microsoft Office "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /modify HOMESTUDENTR /dll OSETUP.DLL OfficeMUI.tr-tr?OfficeMUI.ro-ro?OfficeMUI.fi-fi?OfficeMUI.hu-hu?OfficeMUI.el-gr?OfficeMUI.da-dk?OfficeMUI.bg-bg?OfficeMUI.sk-sk?OfficeMUI.pt-pt?OfficeMUI.cs-cz?OfficeMUI.sv-se?OfficeMUI.pl-pl?OfficeMUI.en-us?OfficeMUISet.en-us?ExcelMUI.tr-tr?OneNoteMUI.tr-tr?PowerPointMUI.tr-tr?Proof.tr-tr?Proof.de-de?Proof.fr-fr?Proof.en-us?Proofing.tr-tr?WordMUI.tr-tr?ExcelMUI.ro-ro?OneNoteMUI.ro-ro?PowerPointMUI.ro-ro?Proof.ro-ro?Proofing.ro-ro?WordMUI.ro-ro?ExcelMUI.fi-fi?OneNoteMUI.fi-fi?PowerPointMUI.fi-fi?Proof.fi-fi?Proof.sv-se?Proofing.fi-fi?WordMUI.fi-fi?ExcelMUI.hu-hu?OneNoteMUI.hu-hu?PowerPointMUI.hu-hu?Proof.hu-hu?Proofing.hu-hu?WordMUI.hu-hu?ExcelMUI.el-gr?O

---- EOF - GMER 1.0.15 ----