GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-21 12:31:11
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\00000066 SAMSUNG_HD160JJ rev.WU100-41 149,05GB
Running: ygpolouj.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\pxtdqpob.sys

---- Kernel code sections - GMER 2.1 ----

PAGE    ntoskrnl.exe!ZwResumeThread                                   80578F98 1 Byte  [CC] {INT 3 }
.sptd1  C:\WINDOWS\system32\drivers\sptd.sys                          entry point in ".sptd1" section [0xF75BC346]

---- User code sections - GMER 2.1 ----

.text   D:\Program Files\Mozilla Firefox\firefox.exe[408] ntdll.dll!LdrLoadDll                7C91632D 5 Bytes  JMP 0171F140 D:\Program Files\Mozilla Firefox\xul.dll
.text   D:\Program Files\Mozilla Firefox\firefox.exe[408] kernel32.dll!lstrlenW + 43           7C809AEC 7 Bytes  JMP 01D3FDF5 D:\Program Files\Mozilla Firefox\xul.dll
.text   D:\Program Files\Mozilla Firefox\firefox.exe[408] kernel32.dll!MapViewOfFileEx + 6A    7C80B9A0 7 Bytes  JMP 01D3FDD2 D:\Program Files\Mozilla Firefox\xul.dll
.text   D:\Program Files\Mozilla Firefox\firefox.exe[408] kernel32.dll!ValidateLocale + B1C8   7C8449C8 7 Bytes  JMP 01722942 D:\Program Files\Mozilla Firefox\xul.dll
.text   D:\Program Files\Mozilla Firefox\firefox.exe[408] GDI32.dll!SetDIBitsToDevice + 20A    77F19E14 7 Bytes  JMP 01D3FD53 D:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Fastfat \Fat                               fltmgr.sys

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys >>UNKNOWN [0x899d9129]<<   899d9129
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89a17720]                                   89a17720
Trace   3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000067[0x899e7bb8]               899e7bb8
Trace   5 ACPI.sys[f7496620] -> nt!IofCallDriver -> \Device\00000066[0x89a29030]                   89a29030

---- Threads - GMER 2.1 ----

Thread  System [4:504]                                                 8991F39F
Thread  System [4:620]                                                 890100F4

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0      C:\Program Files\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0      0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0      0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12   0x2E 0x42 0x01 0x4F ...
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0          C:\Program Files\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0          0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0          0
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12       0x2E 0x42 0x01 0x4F ...
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\@P_9}\x90o\5Ȍ\5\f\0.0}\x2dd/0}\xa0o9}ȍo\5X_9}\22   ?????@???????????????????????????????????????????????!??L?!This program cannot be run in DOS mode. $????????w{???????????????x???????{???????H?????????|???o?h?????o?x?v???o?{????????

---- EOF - GMER 2.1 ----