GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-24 10:48:06 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3250310AS rev.3.AAC 232,89GB Running: gmer.exe; Driver: C:\DOCUME~1\Sonic\USTAWI~1\Temp\pwairfob.sys ---- System - GMER 2.1 ---- INT 0x01 \??\C:\DOCUME~1\Sonic\USTAWI~1\Temp\pwairfob.sys ACE6F50B ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB71523C0, 0x9B091A, 0xE8000020] .text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0xAE0EB000, 0x2892, 0xE8000020] .vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0xAE10E050] ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL 08692E143D8F61C2BE466AF6A5AC838A98F25A64CAFD8D9586D614393C7F9FCC734101A9087988DF879369202FAAB5654576CEA3E58D0110EE9E9C5923213DEBBEA51F0601C91EB8F3EF56306FC16C4525238BC430928965ED2A4557AB2944F3E2CFFE6710EF7E65DF65B33EC07E9FE91972BF57995C5B9E0A830D5D7A484455AB7C09302D1AB25FFA00F886143576F45664110FA6FD5BA89E3C6336C9F10265B86C1E6568BFFD844CD191FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DC038D530D6EB34525D575E7D6A3B9808D720B8555F9F0F8B6A85A1F1071B8448E455781A9EDBF0966054BCD292B71284D2BB6939CF8A60015ED5962ADA80B66B2AECA5336F2C846BCA117F5C32739822BEA265B777C4F4A379B6CBC58F9E35C47DC6CCAEAFED87B7052FA241602DB078BE84B9CB8065230718AE4F3F59F3A8F7965B9A203F2091CC413F9252458803259EA736A57E584AB5BD58F0C153CE3F1ACE3B02D2E19BC3EDD0E503166C04C2B949656FA867DDC82F8FE0C5AD7D552B39A70AB9C33E8840D22ED9EBC848EC2139502B3CEB928983E3D68CA99938002251427D3C2560E4AC2974E988D62DE4569F68783A3C3F4364B982AF37CB4B1C5CD7E5E246DB3702B48E62F357E4D0641E576A65C9978 ---- EOF - GMER 2.1 ----