GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-26 20:21:08 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.01 Running: gmer.exe; Driver: C:\DOCUME~1\Ukasz\USTAWI~1\Temp\kgldapoc.sys ---- System - GMER 1.0.15 ---- SSDT sptd.sys ZwCreateKey [0xF7590FA0] SSDT sptd.sys ZwEnumerateKey [0xF75C5018] SSDT sptd.sys ZwEnumerateValueKey [0xF75C53A6] SSDT sptd.sys ZwOpenKey [0xF7590F80] SSDT sptd.sys ZwQueryKey [0xF75C547E] SSDT sptd.sys ZwQueryValueKey [0xF75C52FE] SSDT sptd.sys ZwSetValueKey [0xF75C5510] INT 0x62 ? 86F8DCB8 INT 0x63 ? 86E84CB8 INT 0x73 ? 86E84CB8 INT 0x82 ? 86F8DCB8 INT 0xA4 ? 86E84CB8 INT 0xB1 ? 86F92CB8 INT 0xB1 ? 86F92CB8 ---- Kernel code sections - GMER 1.0.15 ---- .text sptd.sys F7554000 28 Bytes [30, 28, 70, 80, A6, 7B, 70, ...] .text sptd.sys F755401D 3 Bytes [29, 70, 80] {SUB [EAX-0x80], ESI} .text sptd.sys F7554024 60 Bytes [AA, 94, 50, 80, 05, 10, 55, ...] .text sptd.sys F7554061 79 Bytes [8A, 50, 80, DA, AA, 54, 80, ...] .text sptd.sys F75540B1 87 Bytes [C4, 4D, 80, 05, 85, 4E, 80, ...] .text ... .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF75FE9E3] ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .sfreloc˙˙˙˙sfsync03unknown last section [0xF76E7000, 0xA20, 0x40000040] C:\WINDOWS\system32\drivers\sfsync03.sys unknown last section [0xF76E7000, 0xA20, 0x40000040] .text USBPORT.SYS!DllUnload F70E48AC 5 Bytes JMP 86E841C8 .text aj25fzsz.SYS F702E2E0 46 Bytes [00, 00, 00, 00, 10, 00, 00, ...] .text aj25fzsz.SYS F702E310 28 Bytes [00, 40, 03, 00, 24, 0F, 00, ...] .text aj25fzsz.SYS F702E32E 33 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aj25fzsz.SYS F702E351 11 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aj25fzsz.SYS F702E35F 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text ... .text a45ydrw3.SYS F6FEE2E0 41 Bytes [00, 00, 04, 00, 00, 10, 00, ...] .text a45ydrw3.SYS F6FEE30A 4 Bytes [03, 00, 28, 03] {ADD EAX, [EAX]; SUB [EBX], AL} .text a45ydrw3.SYS F6FEE310 29 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a45ydrw3.SYS F6FEE32E 33 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a45ydrw3.SYS F6FEE351 12 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADC [EAX], AL; ADD AL, DL} .text ... ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F755620E] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F755570C] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F7555EEE] sptd.sys IAT \WINDOWS\system32\DRIVERS\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F922F8 IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F755570C] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F75558F0] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7555832] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75560CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7555EEE] sptd.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86E842F8 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IofCallDriver] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IofCompleteRequest] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!wcsstr] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!MmLockPagableDataSection] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!KeInitializeEvent] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IoCreateDevice] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IoFreeIrp] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IoAllocateIrp] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!ObfDereferenceObject] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!KeSetEvent] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IoDeleteDevice] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IoDetachDevice] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!PoCallDriver] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!IoGetDeviceProperty] 00000000 IAT \SystemRoot\System32\Drivers\aj25fzsz.SYS[ntoskrnl.exe!ObfReferenceObject] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IofCallDriver] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IofCompleteRequest] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!wcsstr] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!MmLockPagableDataSection] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!KeInitializeEvent] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IoCreateDevice] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IoFreeIrp] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IoAllocateIrp] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!ObfDereferenceObject] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!KeSetEvent] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IoDeleteDevice] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IoDetachDevice] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!PoCallDriver] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!IoGetDeviceProperty] 00000000 IAT \SystemRoot\System32\Drivers\a45ydrw3.SYS[ntoskrnl.exe!ObfReferenceObject] 00000000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 86F781E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{720498BC-A19E-42AC-BE17-A872B4A15521} 8685A1E8 Device \Driver\usbuhci \Device\USBPDO-0 86E7A1E8 Device \Driver\usbuhci \Device\USBPDO-1 86E7A1E8 Device \Driver\usbuhci \Device\USBPDO-2 86E7A1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{6A18AB77-5AE4-421A-AA64-4C72A0F33919} 8685A1E8 Device \Driver\usbuhci \Device\USBPDO-3 86E7A1E8 Device \Driver\usbehci \Device\USBPDO-4 86E8A1E8 Device \Driver\Cdrom \Device\CdRom0 86E891E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F73C2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 [F73C2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 [F73C2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F73C2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\Cdrom \Device\CdRom1 86E891E8 Device \Driver\Cdrom \Device\CdRom2 86E891E8 Device \Driver\Cdrom \Device\CdRom3 86E891E8 Device \Driver\prohlp02 \Device\ProHlp02 E18363E0 Device \Driver\NetBT \Device\NetBt_Wins_Export 8685A1E8 Device \Driver\PCI_PNP6338 \Device\00000083 sptd.sys Device \Driver\PCI_PNP6338 \Device\00000084 sptd.sys Device \Driver\NetBT \Device\NetbiosSmb 8685A1E8 Device \Driver\usbuhci \Device\USBFDO-0 86E7A1E8 Device \Driver\usbuhci \Device\USBFDO-1 86E7A1E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 868521E8 Device \Driver\usbuhci \Device\USBFDO-2 86E7A1E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 868521E8 Device \Driver\usbuhci \Device\USBFDO-3 86E7A1E8 Device \Driver\usbehci \Device\USBFDO-4 86E8A1E8 Device \Driver\aj25fzsz \Device\Scsi\aj25fzsz1Port3Path0Target0Lun0 86E881E8 Device \Driver\a45ydrw3 \Device\Scsi\a45ydrw31 86E341E8 Device \Driver\aj25fzsz \Device\Scsi\aj25fzsz1 86E881E8 Device \Driver\a45ydrw3 \Device\Scsi\a45ydrw31Port2Path0Target0Lun0 86E341E8 Device \Driver\aj25fzsz \Device\Scsi\aj25fzsz1Port3Path0Target1Lun0 86E881E8 Device \FileSystem\Cdfs \Cdfs 868151E8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0xC1 0xD8 0xC8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x24 0x4A 0x88 0xFF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x01 0xE7 0x3F 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xEA 0x7D 0x2B 0x7C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0x8A 0x41 0x65 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCD 0xA0 0xAC 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC7 0x3B 0x1D 0xFD ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0xC1 0xD8 0xC8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x24 0x4A 0x88 0xFF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x01 0xE7 0x3F 0x97 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xEA 0x7D 0x2B 0x7C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0x8A 0x41 0x65 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCD 0xA0 0xAC 0x2D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC7 0x3B 0x1D 0xFD ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 3D9FB2E76AF29110B2A8501C8E17EBCDC1A45E72F8BD4B9F355F762300570A0008A408ECBB9B749EECA9156496E34FD462480192E746E86E5C0B666626943AC6FC11817624981B2B53AE2E8F5F2D8498B9756F96DDA0E2BEB7768BB71EE97860F8E7B4E716AED071578AC6B73D163F19EAEA0E6C316AF7F438EB24F9DF142EB4DF21583B48D9C67E6A01300947751B2A99DA6697F8F9CB4AD3A913A3A205A50597A9C9FAB5C71137844BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DBA7FD869164D6794FEBC9E127BECC74CE168BE77E7A4E59F9F71B1FE93A669A63ABB630E6D9DA0A64778779FE03E8EC158ECA2012A55342A2C71AE594C749E0B6043857E11E6F3C4C5A85119997CA179305927940422126DECC64AEB1CC7ECACB129F938219BF30D2EDDCB951292E778A59D9FDA17BEFC8A9677999B6EF9657BF825B4FB72DBE15D86285C57A905EEA894BC22336C36F61B009BF28494B9995D29856C443F99820878293CD2A2AB4F6A02CF082EEFE5082A265F70F4C10BA3AB55AB203B249F9ED35217E8B0A235A11193FE7090EF00B9B72903F1ED8F431D33380D0EBF238702F9863C224BB5208361160C3CD51F099BB94B591C287A8E28B4ACB2BA67A141FE28A977ECB548C19619F54913A996D ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 156280323 Disk \Device\Harddisk0\DR0 PE file @ sector 156280345 ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Ukasz\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_000A\opr0010B.tmp 56 bytes File C:\Documents and Settings\Ukasz\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_000A\opr0010C.tmp 32400 bytes File C:\Documents and Settings\Ukasz\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_000A\opr0010D.tmp 0 bytes File C:\Documents and Settings\Ukasz\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_000A\opr0010E.tmp 56 bytes File C:\Documents and Settings\Ukasz\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_000A\opr0010F.tmp 35520 bytes File C:\Documents and Settings\Ukasz\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_000A\opr0010G.tmp 49865 bytes File C:\Documents and Settings\Ukasz\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_000A\opr0010J.tmp 192 bytes File C:\Documents and Settings\Ukasz\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_000A\opr00109.tmp 0 bytes ---- EOF - GMER 1.0.15 ----