GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-03 14:45:13
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JS-60MHB1 rev.10.02E02 149,05GB
Running: o7vrfm37.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pftdypow.sys


---- System - GMER 2.1 ----

SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwCreateSection [0xB182C7E8]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwCreateThread [0xB182C96C]
SSDT  \??\C:\WINDOWS\system32\drivers\avgtpx86.sys  ZwEnumerateKey [0xB8779342]
SSDT  \??\C:\WINDOWS\system32\drivers\avgtpx86.sys  ZwEnumerateValueKey [0xB87793F2]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwMakeTemporaryObject [0xB182C75E]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwOpenSection [0xB18294EC]
SSDT  \??\C:\WINDOWS\system32\drivers\avgtpx86.sys  ZwQueryValueKey [0xB877922A]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwQueueApcThread [0xB182CA8A]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwSetContextThread [0xB182CBAA]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwSetSystemInformation [0xB18292A8]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwSetSystemTime [0xB182945E]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwSystemDebugControl [0xB1828F82]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwUnmapViewOfSection [0xB182C6D0]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwWriteVirtualMemory [0xB182A98A]

---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!_abnormal_termination + 114  804E2770 4 Bytes  CALL BBFFAA3C
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB756F3C0, 0x84E2FA, 0xE8000020]
?  c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  The system cannot find the file specified. !

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  663423F0.sys
AttachedDevice  \Driver\Tcpip \Device\Ip  663423F0.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  663423F0.sys
Device  \FileSystem\458705E4ADC68C94 \Device\458705E4ADC68C94  663423F0.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  663423F0.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  663423F0.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys
AttachedDevice  \FileSystem\Fastfat \Fat  663423F0.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{659A07C6-3E3F-4424-BE1F-F379229705D3}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{659A07C6-3E3F-4424-BE1F-F379229705D3}\0001@D3D_\x3332\x3331  2089309684
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

---- EOF - GMER 2.1 ----
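Read by hand, the log above points at a single driver: 663423F0.sys, loaded from the Administrator's temp folder, hooks eleven SSDT entries (the other three belong to the AVG driver avgtpx86.sys in its normal location), is attached to the NTFS, FAT and TCP/IP device stacks, owns a device object with a random-looking hex name, and GMER could not find its file on disk. The Python script below is an added example, not part of the posted log or of GMER, that automates that reading: it parses GMER's SSDT, "?" and device lines and flags a driver that hooks the kernel from outside system32\drivers, that hooks the kernel while its file cannot be found, or that does both while sitting on device stacks. The input is a constructed excerpt in the log's own layout, and the heuristics are assumptions for triage: a hit is a lead to chase (submit the file, check the load point, image the box), not proof of infection on its own.

```python
"""Triage helper for GMER 2.1 logs (added example, not GMER's own code)."""
import re
from collections import defaultdict

# Constructed excerpt in the layout of the posted GMER log (hand-built sample input).
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----

SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwCreateSection [0xB182C7E8]
SSDT  \??\C:\WINDOWS\system32\drivers\avgtpx86.sys  ZwEnumerateKey [0xB8779342]
SSDT  \??\c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  ZwWriteVirtualMemory [0xB182A98A]

---- Kernel code sections - GMER 2.1 ----

?  c:\documents and settings\administrator\ustawienia lokalne\temp\663423F0.sys  The system cannot find the file specified. !

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  663423F0.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  663423F0.sys
Device  \FileSystem\458705E4ADC68C94 \Device\458705E4ADC68C94  663423F0.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys
"""

# GMER line shapes (the driver path may contain spaces, so match up to ".sys").
SSDT_RE = re.compile(r"^SSDT\s+(?P<path>.+?\.sys)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
MISSING_RE = re.compile(r"^\?\s+(?P<path>.+?\.sys)\s+(?P<msg>.+?)\s*!\s*$")
DEVICE_RE = re.compile(r"^(?P<kind>AttachedDevice|Device)\s+(?P<owner>\S+)\s+(?P<device>\S+)\s+(?P<file>\S+\.sys)$")

# Assumed "expected" location for kernel drivers on this XP box.
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def basename(path):
    """Lower-cased file name, so '\\??\\c:\\...\\663423F0.sys' and '663423F0.sys' merge."""
    return path.rsplit("\\", 1)[-1].lower()


def outside_system_dir(path):
    """True when a driver path (with optional '\\??\\' prefix) is not under system32\\drivers."""
    if path is None:
        return False
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return not p.startswith(SYSTEM_DRIVER_DIR)


def parse_gmer(text):
    """Group SSDT hooks, missing-file notes and device attachments by driver file name."""
    drivers = defaultdict(lambda: {"path": None, "ssdt_hooks": [], "devices": [], "file_missing": False})
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            d = drivers[basename(m["path"])]
            d["path"] = m["path"]
            d["ssdt_hooks"].append((m["func"], m["addr"]))
            continue
        m = MISSING_RE.match(line)
        if m:
            d = drivers[basename(m["path"])]
            d["path"] = d["path"] or m["path"]
            d["file_missing"] = True
            continue
        m = DEVICE_RE.match(line)
        if m:
            drivers[basename(m["file"])]["devices"].append((m["kind"], m["device"]))
    return dict(drivers)


def triage(text):
    """Return {driver: [reasons]} for drivers worth a closer look (heuristics, not verdicts)."""
    findings = {}
    for name, d in parse_gmer(text).items():
        reasons = []
        if d["ssdt_hooks"] and outside_system_dir(d["path"]):
            reasons.append("hooks %d SSDT entries from outside system32\\drivers" % len(d["ssdt_hooks"]))
        if d["file_missing"] and (d["ssdt_hooks"] or d["devices"]):
            reasons.append("active in the kernel but its file cannot be found on disk")
        if d["ssdt_hooks"] and d["devices"]:
            reasons.append("same driver on device stacks: " + ", ".join(dev for _, dev in d["devices"]))
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

Run it against a full GMER log by reading the file into `triage()` instead of `SAMPLE_LOG`. Drivers that hook from system32\drivers without a missing-file note, such as the AVG driver here, produce no finding; that is by design, since AV and filter drivers legitimately hook the SSDT and attach to file-system stacks, and the interesting signal is the combination of unusual location, unfindable file and broad device coverage.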