GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-11 14:04:06
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01
Running: gc3tcl9y.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kxtdipow.sys

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[264] USER32.dll!SetWindowLongA    77D3DED3 5 Bytes  JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[264] USER32.dll!SetWindowLongW    77D3DEF1 5 Bytes  JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[264] USER32.dll!GetWindowInfo     77D3F122 5 Bytes  JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[264] USER32.dll!TrackPopupMenu    77D84F16 5 Bytes  JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2144] USER32.dll!GetSysColor              77D38E50 5 Bytes  JMP 0045B9C0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2144] USER32.dll!GetSysColorBrush         77D38E83 5 Bytes  JMP 0045BA20 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2144] USER32.dll!SetScrollInfo            77D3902C 7 Bytes  JMP 0045B8B0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2144] USER32.dll!GetScrollPos             77D3F66F 5 Bytes  JMP 0045B840 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2144] USER32.dll!SetScrollRange           77D3F6BB 5 Bytes  JMP 0045B930 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2144] USER32.dll!SetScrollPos             77D3F780 5 Bytes  JMP 0045B8F0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2144] USER32.dll!GetScrollRange           77D3F7B7 5 Bytes  JMP 0045B870 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2144] USER32.dll!ShowScrollBar            77D40142 5 Bytes  JMP 0045B980 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2144] USER32.dll!GetScrollInfo            77D43A2F 7 Bytes  JMP 0045B800 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2144] USER32.dll!EnableScrollBar          77D87BAD 7 Bytes  JMP 0045B7C0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3244] ntdll.dll!LdrLoadDll                7C915CBB 5 Bytes  JMP 0125FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh  0xBF 0xE2 0xDC 0x73 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0  0
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh  0xBF 0xE2 0xDC 0x73 ...

---- EOF - GMER 1.0.15 ----