GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-20 21:43:27
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAJB-00J3A0 rev.01.03E01 298,09GB
Running: jpdpbc8d.exe; Driver: C:\DOCUME~1\(\USTAWI~1\Temp\pxtdipow.sys

---- System - GMER 2.1 ----

SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwAddBootEntry [0xBA783538]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwConnectPort [0xBA784AA6]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwCreateKey [0xBA783F78]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwCreateSection [0xBA784726]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwCreateThread [0xBA782DC0]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwDeleteBootEntry [0xBA7835A4]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwDeleteFile [0xBA783C80]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwDeviceIoControlFile [0xBA782E9C]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwDuplicateObject [0xBA7831DC]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwFsControlFile [0xBA783C20]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwImpersonateClientOfPort [0xBA783BE6]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwImpersonateThread [0xBA783BA4]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwLoadDriver [0xBA7854CE]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwMapViewOfSection [0xBA783E7C]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwModifyBootEntry [0xBA78356E]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwOpenProcess [0xBA7848B4]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwOpenSection [0xBA7842A0]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwOpenThread [0xBA78499A]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwProtectVirtualMemory [0xBA784364]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwQueueApcThread [0xBA782F5A]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwReplaceKey [0xBA7836C6]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwRequestWaitReplyPort [0xBA785874]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwRestoreKey [0xBA783610]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwSecureConnectPort [0xBA784B9A]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwSetBootOptions [0xBA7835DA]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwSetContextThread [0xBA782FBE]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwSetInformationFile [0xBA783CE6]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwSetSystemInformation [0xBA7845FE]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwShutdownSystem [0xBA7834F0]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwSystemDebugControl [0xBA783030]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwTerminateProcess [0xBA78FC60]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwTerminateThread [0xBA78FC83]
SSDT  \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  ZwWriteVirtualMemory [0xBA785588]

---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xF7220000, 0x1C5D38, 0xE8000020]
.Shltr1  C:\Program Files\SpyShelter Personal Free\SpyShelter.sys  entry point in ".Shltr1" section [0xBA7C00C5]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[240] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 1002A220 C:\Program Files\SpyShelter Personal Free\klhelper.dll

---- Registry - GMER 2.1 ----

Reg  HKLM\SOFTWARE\Classes\CLSID\{F5F9B44C-528A-26D3-B2CE-1730ACC8FD16}\kkpqkrzg@  x]fVjfuztn`vZMnwgOwNHjWdDg
Reg  HKLM\SOFTWARE\Classes\CLSID\{F5F9B44C-528A-26D3-B2CE-1730ACC8FD16}\wuqjasobHi@  kjVBOBuejZgM{[_bf\fyVSO[`c

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  malicious Win32:MBRoot code @ sector 625121283 !

---- EOF - GMER 2.1 ----