GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-02 17:10:38
Windows 5.1.2600 Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1a SAMSUNG_HD322HJ rev.1AC01118 298,09GB
Running: gmer.exe; Driver: C:\DOCUME~1\twielich\USTAWI~1\Temp\kgtiyuod.sys

---- System - GMER 2.2 ----

SSDT  \WINDOWS\system32\ntkrnlpa.exe  ZwCreateKey [0x804D7FE2]
SSDT  \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FE2]  ZwCreateKey [0x804D7FE2]
SSDT  \WINDOWS\system32\ntkrnlpa.exe  ZwOpenKey [0x804D7FE7]
SSDT  \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FE7]  ZwOpenKey [0x804D7FE7]

INT 0x03  \WINDOWS\system32\ntkrnlpa.exe[unknown section]  804D7FF1
INT 0x06  \??\C:\WINDOWS\system32\drivers\Haspnt.sys  BA1BB16D
INT 0x0E  \??\C:\WINDOWS\system32\drivers\Haspnt.sys  BA1BAFC2

---- Kernel code sections - GMER 2.2 ----

.text  C:\WINDOWS\system32\DRIVERS\aksfridge.sys  section is writeable [0xA8456000, 0x4BE00, 0xE0000020]
.init  C:\WINDOWS\system32\DRIVERS\aksfridge.sys  entry point in ".init" section [0xA84AF224]
.init  C:\WINDOWS\system32\DRIVERS\aksfridge.sys  unknown last code section [0xA84AF000, 0x4000, 0xE20000E0]
.text  C:\WINDOWS\system32\drivers\hardlock.sys  section is writeable [0xA8232400, 0x6CBD0, 0xE8000020]
.init  C:\WINDOWS\system32\drivers\hardlock.sys  entry point in ".init" section [0xA82B6424]
.init  C:\WINDOWS\system32\drivers\hardlock.sys  unknown last code section [0xA82B6200, 0xEC00, 0xE20000E0]
?  C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys  The system cannot find the file specified. !
---- User code sections - GMER 2.2 ----

.text  C:\Program Files\Aladdin\HASP LM\nhsrvice.exe[1696] kernel32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 0043B37E C:\Program Files\Aladdin\HASP LM\nhsrvice.exe
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1932] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 4 Bytes [C2, 04, 00, 00]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001980 C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01895634 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018949A0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 015EAAFA C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01894289 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 024823AB C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 015C5579 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 01980EF6 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.2 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdir.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys

Device  \FileSystem\Cdfs \Cdfs  A6841400

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----
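The "User code sections" block above lists inline hooks GMER found in running processes. The first question a triager asks of such lines is which module the detour lands in, and whether that module belongs to the hooked process. The following Python script is an added example, not part of the original post and not GMER's own code: it parses the hook lines reproduced above (field layout inferred from those lines), groups them by the module that owns each JMP target, decodes the one raw-byte patch (C2 xx xx is x86 RET imm16), and applies a simple "detour module lives in the process's own directory" heuristic that is this example's own idea, not a GMER feature.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample: the "User code sections" block of the GMER log above, followed by the
# header of the next section so that section tracking in parse_log() is exercised.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.2 ----

.text  C:\Program Files\Aladdin\HASP LM\nhsrvice.exe[1696] kernel32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 0043B37E C:\Program Files\Aladdin\HASP LM\nhsrvice.exe
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1932] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 4 Bytes [C2, 04, 00, 00]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001980 C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01895634 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018949A0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 015EAAFA C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01894289 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 024823AB C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 015C5579 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 01980EF6 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.2 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdir.sys
"""

# One hook line: <section> <process path>[<pid>] <dll!export[ + off]> <addr> <n> Bytes <patch>
# (layout inferred from the log lines above; this is an assumption, not GMER's documented grammar).
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<api>\S+!\S+(?: \+ [0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+) Bytes\s+(?P<patch>.+)$"
)
# Patch is either "JMP <target> <module that owns target>" or a bracketed byte list.
JMP_RE = re.compile(r"^JMP (?P<target>[0-9A-Fa-f]+)(?: (?P<module>.+))?$")


@dataclass
class Hook:
    process: str
    pid: int
    api: str
    address: int
    nbytes: int
    kind: str                  # "jmp" or "bytes"
    target: Optional[int]      # JMP destination, if a JMP
    module: Optional[str]      # module GMER resolved the destination to, if any
    raw_bytes: Tuple[int, ...] # patched bytes, for non-JMP patches


def parse_hook(line: str) -> Optional[Hook]:
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    patch = m["patch"].strip()
    base = dict(process=m["process"], pid=int(m["pid"]), api=m["api"],
                address=int(m["addr"], 16), nbytes=int(m["nbytes"]))
    j = JMP_RE.match(patch)
    if j:
        return Hook(**base, kind="jmp", target=int(j["target"], 16), module=j["module"], raw_bytes=())
    raw = tuple(int(b, 16) for b in patch.strip("[]").split(", ")) if patch.startswith("[") else ()
    return Hook(**base, kind="bytes", target=None, module=None, raw_bytes=raw)


def parse_log(text: str):
    """Return the Hook entries from the 'User code sections' block only."""
    hooks, in_user = [], False
    for line in text.splitlines():
        if line.startswith("---- "):
            in_user = "User code sections" in line
            continue
        if in_user:
            h = parse_hook(line)
            if h:
                hooks.append(h)
    return hooks


def describe_patch(h: Hook) -> str:
    """Human-readable meaning of the patch; decodes the two common x86 'stub' patches."""
    if h.kind == "jmp":
        return f"JMP 0x{h.target:08X} -> {h.module or '<unresolved>'}"
    b = h.raw_bytes
    if len(b) >= 3 and b[0] == 0xC2:           # RET imm16: return and pop imm16 bytes (stdcall no-op stub)
        return f"RET 0x{b[1] | (b[2] << 8):X}"
    if b and b[0] == 0xC3:                     # plain RET
        return "RET"
    return "bytes " + " ".join(f"{x:02X}" for x in b)


def hooks_by_module(hooks):
    """Group hooked APIs by (process, module owning the detour)."""
    groups = defaultdict(list)
    for h in hooks:
        owner = h.module if h.kind == "jmp" and h.module else "<inline patch>"
        groups[(h.process, owner)].append(h.api)
    return dict(groups)


def foreign_hooks(hooks):
    """Heuristic (this example's own): JMP hooks whose owning module is outside the process's directory."""
    return [h for h in hooks if h.kind == "jmp" and h.module
            and ntpath.dirname(h.module).lower() != ntpath.dirname(h.process).lower()]


if __name__ == "__main__":
    hooks = parse_log(SAMPLE_LOG)
    for (proc, owner), apis in hooks_by_module(hooks).items():
        print(f"{ntpath.basename(proc)} <- {ntpath.basename(owner)}: {', '.join(apis)}")
    for h in hooks:
        if h.kind == "bytes":
            print(f"{ntpath.basename(h.process)} {h.api}: {describe_patch(h)}")
    print("hooks from outside the process directory:", len(foreign_hooks(hooks)))
```

On this log every JMP detour resolves to a module in the hooked process's own install directory (nhsrvice.exe into itself, firefox.exe into mozglue.dll and xul.dll), and the one non-JMP patch turns ekrn.exe's SetUnhandledExceptionFilter into a `RET 4` stub. The directory heuristic only sorts what to look at first: a dropper can place its DLL beside the target binary, so the module's signature and hash still need checking.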