GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-12-08 02:51:47
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SB2O
Running: 4bsuqsp2.exe; Driver: C:\DOCUME~1\Goga\USTAWI~1\Temp\kgtiqfow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA9FED9D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA9FEE36A]

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [F7BFAD30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\iaStor0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 831701F8
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 831701F8
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F7BFAD30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\anh3ubwp \Device\Scsi\anh3ubwp1 82237500
Device \Driver\anh3ubwp \Device\Scsi\anh3ubwp1 sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\anh3ubwp \Device\Scsi\anh3ubwp1Port3Path0Target0Lun0 82237500
Device \Driver\anh3ubwp \Device\Scsi\anh3ubwp1Port3Path0Target0Lun0 sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Ntfs \Ntfs 831DE1F8

AttachedDevice \Driver\Tcpip \Device\Ip kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----