GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-29 22:29:05
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdePort1 ST380011A rev.8.01 0,00MB
Running: zv0sle5k.exe; Driver: D:\DOCUME~1\kixx\USTAWI~1\Temp\pxtdqpow.sys

---- Kernel code sections - GMER 2.1 ----

? 08949999.sys Nie można odnaleźć określonego pliku. !
? 455d83e69fbe57f4.sys Nie można odnaleźć określonego pliku. !
.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7B79380, 0x3DEB95, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text D:\WINDOWS\system32\winlogon.exe[524] ntdll.dll!NtLockProductActivationKeys 7C90D4AE 5 Bytes JMP 10001000 D:\WINDOWS\system32\antiwpa.dll
.text D:\WINDOWS\system32\winlogon.exe[524] USER32.dll!GetSystemMetrics 7E368F9C 5 Bytes JMP 10001018 D:\WINDOWS\system32\antiwpa.dll

---- Devices - GMER 2.1 ----

Device \Driver\00001411 \Device\KLMD12112013_02100002 08949999.sys
Device \Driver\00001411 \Device\KLMD12112013_02100002 08949999.sys
Device \FileSystem\14357641 \Device\KLMD12112013_02100002_B 08949999.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 11907
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAEA8827-466C-4007-A195-660BC26A89F6}@LeaseObtainedTime 1388346830
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAEA8827-466C-4007-A195-660BC26A89F6}@T1 1388347101
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAEA8827-466C-4007-A195-660BC26A89F6}@T2 1388347326
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAEA8827-466C-4007-A195-660BC26A89F6}@LeaseTerminatesTime 1388347430
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAEA8827-466C-4007-A195-660BC26A89F6}@DhcpRetryTime 271
Reg HKLM\SYSTEM\CurrentControlSet\Services\{DAEA8827-466C-4007-A195-660BC26A89F6}\Parameters\Tcpip@LeaseObtainedTime 1388346830
Reg HKLM\SYSTEM\CurrentControlSet\Services\{DAEA8827-466C-4007-A195-660BC26A89F6}\Parameters\Tcpip@T1 1388347101
Reg HKLM\SYSTEM\CurrentControlSet\Services\{DAEA8827-466C-4007-A195-660BC26A89F6}\Parameters\Tcpip@T2 1388347326
Reg HKLM\SYSTEM\CurrentControlSet\Services\{DAEA8827-466C-4007-A195-660BC26A89F6}\Parameters\Tcpip@LeaseTerminatesTime 1388347430

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----