GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-07 00:04:37
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 SAMSUNG_SP0411C rev.UU100-05 37,31GB
Running: kssi5n9p.exe; Driver: C:\DOCUME~1\cryss12\USTAWI~1\Temp\kwlcqkog.sys

---- System - GMER 2.1 ----

SSDT d347bus.sys ZwClose [0xB7F5F818]
SSDT d347bus.sys ZwCreateKey [0xB7F5F7D0]
SSDT d347bus.sys ZwCreatePagingFile [0xB7F53A20]
SSDT d347bus.sys ZwEnumerateKey [0xB7F542A8]
SSDT d347bus.sys ZwEnumerateValueKey [0xB7F5F910]
SSDT d347bus.sys ZwOpenKey [0xB7F5F794]
SSDT d347bus.sys ZwQueryKey [0xB7F542C8]
SSDT d347bus.sys ZwQueryValueKey [0xB7F5F866]
SSDT d347bus.sys ZwSetSystemPowerState [0xB7F5F0B0]

---- Kernel code sections - GMER 2.1 ----

? System nie może odnaleźć określonej ścieżki. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F353C0, 0x9B091A, 0xE8000020]

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 89DE34E8
Device \FileSystem\Fastfat \FatCdrom 89040030
AttachedDevice \Driver\Tcpip \Device\Tcp asdws.sys
Device \Driver\Cdrom \Device\CdRom0 89A03008
Device \FileSystem\Rdbss \Device\FsWrap 88FE5240
Device \Driver\atapi \Device\Ide\IdePort0 89B8D008
Device \Driver\atapi \Device\Ide\IdePort1 89B8D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 89B8D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 89B8D008
Device \FileSystem\Srv \Device\LanmanServer 897E4E08
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88F7BE58
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88F7BE58
Device \FileSystem\Npfs \Device\NamedPipe 897E8C10
Device \FileSystem\Msfs \Device\Mailslot 89A92A68
Device \Driver\d347prt \Device\Scsi\d347prt1 89A5D780
Device \FileSystem\Fastfat \Fat 89040030
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89C06CE8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89C06CE8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89C06CE8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89C06CE8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89C06CE8
Device \FileSystem\Cdfs \Cdfs 89A563D8

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89b8d008]<< 89b8d008
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89de8030] 89de8030
Trace 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x89e20360] 89e20360
Trace 5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x89e05940] 89e05940
Trace \Driver\atapi[0x89e068f0] -> IRP_MJ_CREATE -> 0x89b8d008 89b8d008

---- Modules - GMER 2.1 ----

Module _________ (FILE NOT FOUND) B7EE4000-B7EFC000 (98304 bytes)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet001\Control\Video\{7FAC5BCA-DE10-42E3-801F-644CBA246537}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\ControlSet001\Control\Video\{9F4AEFAA-311C-4021-9138-7CF77FC92D01}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\ControlSet001\Control\Video\{A23A1D30-2795-4D80-8FA3-1D8805504EE0}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\ControlSet001\Control\Video\{D42B2AE2-6462-44BB-808B-F432BC64E8E0}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{7FAC5BCA-DE10-42E3-801F-644CBA246537}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{9F4AEFAA-311C-4021-9138-7CF77FC92D01}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{A23A1D30-2795-4D80-8FA3-1D8805504EE0}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{D42B2AE2-6462-44BB-808B-F432BC64E8E0}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42

---- EOF - GMER 2.1 ----