GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-23 22:01:41
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0040 298,09GB
Running: ujtpuzlu.exe; Driver: C:\Users\swietlik\AppData\Local\Temp\kxtdrfow.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\system32\DRIVERS\tos_sps32.sys  section is writeable [0x8C54F000, 0x4036D, 0xE8000020]
.dsrt  C:\Windows\system32\DRIVERS\tos_sps32.sys  unknown last section [0x8C598000, 0x510, 0x40000040]
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x8FC03000, 0x1E73A0, 0xE8000020]

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]  [73017817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]  [7305B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]  [7301BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]  [7300F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]  [730175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]  [7300E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [730473F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]  [7301DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]  [7300FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]  [7300FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]  [730071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]  [7309CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]  [7303C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]  [7300D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]  [73006853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]  [7300687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\Explorer.EXE[224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]  [73012AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0xFF 0xB0 0x43 0x2E ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0xFF 0xB0 0x43 0x2E ...

---- EOF - GMER 2.1 ----