GMER 2.1.19163
Rootkit scan 2013-10-11 16:36:22
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC70P 74,53GB
Running: dd7wgxhc.exe; Driver: C:\DOCUME~1\JA\USTAWI~1\Temp\pgryypow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + AFD 8053CBB1 3 Bytes JMP 843DB178

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[192] kernel32.dll!MoveFileWithProgressW 7C81F69E 5 Bytes JMP 65704850 C:\Program Files\360\360 Internet Security\safemon\iNetSafe.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 6737E1F0 C:\Program Files\360\360 Internet Security\safemon\safemon.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] kernel32.dll!CopyFileExW 7C827AA2 7 Bytes JMP 6737E490 C:\Program Files\360\360 Internet Security\safemon\safemon.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 6737DE60 C:\Program Files\360\360 Internet Security\safemon\safemon.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 6737DF60 C:\Program Files\360\360 Internet Security\safemon\safemon.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 6737E0F0 C:\Program Files\360\360 Internet Security\safemon\safemon.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] kernel32.dll!MoveFileWithProgressA 7C835E36 5 Bytes JMP 657046E0 C:\Program Files\360\360 Internet Security\safemon\iNetSafe.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] kernel32.dll!CopyFileExA 7C85E5C4 5 Bytes JMP 6737E380 C:\Program Files\360\360 Internet Security\safemon\safemon.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] WS2_32.dll!send 71A5428A 5 Bytes JMP 673826B0 C:\Program Files\360\360 Internet Security\safemon\safemon.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 673828B0 C:\Program Files\360\360 Internet Security\safemon\safemon.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 6737B500 C:\Program Files\360\360 Internet Security\safemon\safemon.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ole32.dll!CoGetClassObject 775056DD 5 Bytes JMP 6737B6E0 C:\Program Files\360\360 Internet Security\safemon\safemon.dll
.text C:\WINDOWS\Explorer.EXE[1312] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 6737BD00 C:\Program Files\360\360 Internet Security\safemon\safemon.dll

---- Devices - GMER 2.1 ----

Device \FileSystem\Npfs \Device\NamedPipe 360Box.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat qutmdrv.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

---- EOF - GMER 2.1 ----