GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-07 19:32:39
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3500320AS rev.SD15 465,76GB
Running: 4p70ornp.exe; Driver: C:\DOCUME~1\Kacper\USTAWI~1\Temp\fxrcqaob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB686B3A0, 0x59FFE5, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB3473300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8440300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3996] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

Device \Driver\prodrv06 \Device\ProDrv06 E1BBFC30
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 prosync1.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys
Device \Driver\prohlp02 \Device\ProHlp02 E16F2E08
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- EOF - GMER 2.1 ----