GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-08-29 10:40:20 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-12 ST3808110AS rev.3.AAD 74,53GB Running: gqbbkw3m.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\uwldipow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF684E3C0, 0x84E2FA, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[1992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0171F140 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1992] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01D3FDF5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1992] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01D3FDD2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1992] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01722942 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1992] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01D3FD53 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x46 0xCD 0x3A 0x99 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE5 0x79 0xC7 0x38 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0xC9 0xE7 0xB5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0x1C 0xFF 0xC3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0x1C 0xFF 0xC3 ... ---- EOF - GMER 2.1 ----