GMER 1.0.15.15641 - http://www.gmer.net Rootkit quick scan 2012-04-13 11:10:46 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-4 MAXTOR_STM3750330AS rev.MX15 Running: gmer.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\pwriakob.sys ---- System - GMER 1.0.15 ---- SSDT sptd.sys ZwEnumerateKey [0xB9F03018] SSDT sptd.sys ZwEnumerateValueKey [0xB9F033A6] ---- Devices - GMER 1.0.15 ---- Device \Driver\atapi \Device\Ide\IdePort0 [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-c [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-17 [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3a [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-4 [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-2d [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-25 [B9DEEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\acq8yu1c \Device\Scsi\acq8yu1c1 8AE031E8 Device \Driver\acq8yu1c \Device\Scsi\acq8yu1c1Port6Path0Target0Lun0 8AE031E8 Device \FileSystem\Ntfs \Ntfs 8B18C1E8 Device \FileSystem\Fastfat \Fat 895AA1E8 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC) AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC) AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC) AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC) ---- Processes - GMER 1.0.15 ---- Process ukryty proces (*** hidden *** ) 20440 Process ukryty proces (*** hidden *** ) 20460 Process ukryty proces (*** hidden *** ) 21080 Process ukryty proces (*** hidden *** ) 22008 Process ukryty proces (*** hidden *** ) 24596 Process ukryty proces (*** hidden *** ) 24744 Process ukryty proces (*** hidden *** ) 30060 Process ukryty proces (*** hidden *** ) 31424 Process ukryty proces (*** hidden *** ) 31456 Process ukryty proces (*** hidden *** ) 32540 Process ukryty proces (*** hidden *** ) 35824 ---- EOF - GMER 1.0.15 ----