GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-08-19 10:00:55
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST912081 rev.3.AD
Running: gmer.exe; Driver: C:\Users\Orange\AppData\Local\Temp\ugddqpow.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]  [746B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]  [7470A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]  [746BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]  [746AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]  [746B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]  [746AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [746E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]  [746BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]  [746AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]  [746AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]  [746A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]  [7473CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]  [746DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]  [746AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]  [746A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]  [746A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]  [746B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ae1bbc2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1e40c6f
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f1ccd8
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@0013fd87ccaf  0x3E 0x69 0x95 0x88 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@0012625ffefe  0xA2 0x2C 0xEA 0x51 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@00164e0888c7  0x56 0x1D 0x41 0x6C ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@001cd68886c3  0xBD 0x90 0xD5 0xE1 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@00149af9fea0  0x72 0x94 0x24 0x12 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@0025cf6ad71c  0x6B 0xD0 0x03 0x9E ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@0026ccac094f  0x10 0x5B 0x3D 0xDE ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@0012d2790e03  0x50 0xFD 0x52 0xE2 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@402ba10997a2  0xCE 0x44 0xCE 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@d45d4294b2fa  0x86 0x01 0x0E 0x1B ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f3ae1bbc2 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1e40c6f (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f1ccd8 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@0013fd87ccaf  0x3E 0x69 0x95 0x88 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@0012625ffefe  0xA2 0x2C 0xEA 0x51 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@00164e0888c7  0x56 0x1D 0x41 0x6C ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@001cd68886c3  0xBD 0x90 0xD5 0xE1 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@00149af9fea0  0x72 0x94 0x24 0x12 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@0025cf6ad71c  0x6B 0xD0 0x03 0x9E ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@0026ccac094f  0x10 0x5B 0x3D 0xDE ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@0012d2790e03  0x50 0xFD 0x52 0xE2 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@402ba10997a2  0xCE 0x44 0xCE 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2dd6fa4@d45d4294b2fa  0x86 0x01 0x0E 0x1B ...

---- EOF - GMER 1.0.15 ----