GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-15 23:41:29
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\JRAID1Port4Path0Target0Lun0 SATA____ rev.
Running: zi03pfbo.exe; Driver: C:\DOCUME~1\PV\USTAWI~1\Temp\pxriqaow.sys


---- Kernel code sections - GMER 1.0.15 ----

?       bxwonhoc.sys    Nie można odnaleźć określonego pliku. !
!       .text   C:\WINDOWS\system32\DRIVERS\nv4_mini.sys    section is writeable [0xB67EE3A0, 0x59FFE5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text   F:\Alex\Programy\oodag.exe[1660] kernel32.dll!SetUnhandledExceptionFilter    7C84495D 5 Bytes  JMP 00401340 F:\Alex\Programy\oodag.exe (O&O Defrag Free Edition Agent (Win32)/O&O Software GmbH)
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1728] ntdll.dll!LdrLoadDll    7C91632D 5 Bytes  JMP 01495B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1728] kernel32.dll!lstrlenW + 43    7C809AEC 7 Bytes  JMP 016D7B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1728] kernel32.dll!MapViewOfFileEx + 6A    7C80B9A0 1 Byte  [E9]
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1728] kernel32.dll!MapViewOfFileEx + 6A    7C80B9A0 7 Bytes  JMP 016D7B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1728] kernel32.dll!ValidateLocale + B130    7C844958 7 Bytes  JMP 0149EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1728] GDI32.dll!SetDIBitsToDevice + 20A    77F19E14 7 Bytes  JMP 016D7AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   F:\Alex\Programy\Gadu-Gadu 10\gg.exe[2012] USER32.dll!BeginPaint    7E378FE9 5 Bytes  JMP 106E3730 F:\Alex\Programy\Gadu-Gadu 10\QtWebKit4.dll
.text   F:\Alex\Programy\Gadu-Gadu 10\gg.exe[2012] USER32.dll!EndPaint    7E378FFD 5 Bytes  JMP 106E37A0 F:\Alex\Programy\Gadu-Gadu 10\QtWebKit4.dll
.text   C:\Program Files\Mozilla Firefox\plugin-container.exe[3848] USER32.dll!DefWindowProcA + 11A    7E37C298 7 Bytes  JMP 105DAAB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\plugin-container.exe[3848] USER32.dll!SetWindowLongA + 19    7E37C2B6 7 Bytes  JMP 105DAA3F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\plugin-container.exe[3848] USER32.dll!GetWindowInfo    7E37C49C 5 Bytes  JMP 10424559 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\plugin-container.exe[3848] USER32.dll!GetMenuContextHelpId + 1A    7E3B5319 7 Bytes  JMP 10424BB1 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device  \Driver\prodrv06 \Device\ProDrv06    E1ABC728
Device  \Driver\atapi \Device\Ide\IdePort0    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort1    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort2    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort3    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\prohlp02 \Device\ProHlp02    E10130B8
Device  \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\JRAID \Device\Scsi\JRAID1    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target1Lun0    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0    F:\Alex\Programy\Alcohol 120\
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0    0
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew    0xCC 0x26 0x1C 0xD0 ...
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0    0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew    0xD0 0xDC 0x15 0xB3 ...
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew    0xF3 0x4E 0x36 0x24 ...
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System