GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-02 11:41:00
Windows 5.1.2600 Dodatek Service Pack 3
Running: rgse5mzb.exe; Driver: H:\DOCUME~1\OEM\USTAWI~1\Temp\kfddipob.sys

---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF75BD818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF75BD7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF75B1A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75B22A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF75BD910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF75BD794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF75B22C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF75BD866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF75BD0B0]

---- Modules - GMER 1.0.15 ----

Module _________ F7499000-F74B1000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x5B 0x9D 0x87 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z1 0xC5 0x9D 0x87 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z2 0xC5 0x9D 0x87 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z3 0xC5 0x9D 0x87 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z4 0xC5 0x9D 0x87 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@hj34z0 0x06 0x9C 0x87 0x82 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR5 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File H:\WINDOWS\$NtUninstallKB15912$\4235242298 0 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232 0 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\@ 2048 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\cfg.ini 109 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\Desktop.ini 4608 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\L 0 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\L\kjfidwma 162816 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\U 0 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\U\00000001.@ 2048 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\U\00000002.@ 224768 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\U\00000004.@ 1024 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\U\80000000.@ 66560 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\U\80000004.@ 12800 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\U\80000032.@ 73216 bytes
File H:\WINDOWS\$NtUninstallKB15912$\811077232\version 852 bytes

---- EOF - GMER 1.0.15 ----