GMER 2.1.19357 - http://www.gmer.net
Rootkit quick scan 2014-04-05 17:44:37
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDP725050GLA360 rev.GM4OA52A 465,76GB
Running: bz5ewrph.exe; Driver: C:\DOCUME~1\Giza\USTAWI~1\Temp\kwacrkod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwEnumerateKey [0xB421D28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwEnumerateValueKey [0xB421D0F9]

Code B6C9E47C ZwRequestPort
Code B6C9E51C ZwRequestWaitReplyPort
Code B6C9E47B NtRequestPort
Code B6C9E51B NtRequestWaitReplyPort

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aec4krim \Device\Scsi\aec4krim1 8AC351F8
Device \Driver\aec4krim \Device\Scsi\aec4krim1Port2Path0Target0Lun0 8AC351F8
Device \FileSystem\Ntfs \Ntfs 8B0831F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS

---- EOF - GMER 2.1 ----