GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-24 17:20:09
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 INTEL_SS rev.4PC1 111,79GB
Running: wlewgnx4.exe; Driver: C:\DOCUME~1\ARTUR~1.PRI\USTAWI~1\Temp\ugldapod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys section is writeable [0xB71843C0, 0x70A55A, 0xE8000020]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS.0\Explorer.EXE[548] @ C:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{DE69A676-BF3C-4B59-AFE3-2DF8BA50649C}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance@Error Count 20
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 285
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\kernel@ObUnsecureGlobalNames netfxcustomperfcounters.1.0?SharedPerfIPCBlock?Cor_Private_IPCBlock?Cor_Public_IPCBlock_?Cor_SxSPublic_IPCBlock_?
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 953
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{DE69A676-BF3C-4B59-AFE3-2DF8BA50649C}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\ControlSet002\Control\Watchdog\Display@ShutdownCount 88
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\.NET Runtime@EventMessageFile c:\WINDOWS.0\system32\mscoree.dll
Reg HKLM\SYSTEM\ControlSet002\Services\RemoteAccess\Performance@Error Count 3
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Epoch@Epoch 283

---- EOF - GMER 2.1 ----