GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-02 14:59:40
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-00JHA0 rev.05.01C05 37,27GB
Running: wm37w17e.exe; Driver: C:\DOCUME~1\Pc\USTAWI~1\Temp\aflirpob.sys


---- System - GMER 2.1 ----

SSDT            F7EF5F4C   ZwClose
SSDT            F7EF5F06   ZwCreateKey
SSDT            F7EF5F56   ZwCreateSection
SSDT            F7EF5EFC   ZwCreateThread
SSDT            F7EF5F0B   ZwDeleteKey
SSDT            F7EF5F15   ZwDeleteValueKey
SSDT            F7EF5F47   ZwDuplicateObject
SSDT            F7EF5F1A   ZwLoadKey
SSDT            F7EF5EE8   ZwOpenProcess
SSDT            F7EF5EED   ZwOpenThread
SSDT            F7EF5F6F   ZwQueryValueKey
SSDT            F7EF5F24   ZwReplaceKey
SSDT            F7EF5F60   ZwRequestWaitReplyPort
SSDT            F7EF5F1F   ZwRestoreKey
SSDT            F7EF5F5B   ZwSetContextThread
SSDT            F7EF5F65   ZwSetSecurityObject
SSDT            F7EF5F10   ZwSetValueKey
SSDT            F7EF5F6A   ZwSystemDebugControl
SSDT            F7EF5EF7   ZwTerminateProcess


---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!_abnormal_termination + 234                804E2808 4 Bytes  CALL A246176B
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                section is writeable [0xF69C23C0, 0x84E2FA, 0xE8000020]


---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                fltMgr.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{102EAB1E-1728-47BA-B431-F7FFDB0A79EF}\0000@D3D_\x3332\x3331    2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch    89576
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ED62054-E9BA-41C2-B1CB-FB2756E2425B}@LeaseObtainedTime    1399025730
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ED62054-E9BA-41C2-B1CB-FB2756E2425B}@T1    1399025857
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ED62054-E9BA-41C2-B1CB-FB2756E2425B}@T2    1399025953
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ED62054-E9BA-41C2-B1CB-FB2756E2425B}@LeaseTerminatesTime    1399025985
Reg  HKLM\SYSTEM\CurrentControlSet\Services\{8ED62054-E9BA-41C2-B1CB-FB2756E2425B}\Parameters\Tcpip@LeaseObtainedTime    1399025730
Reg  HKLM\SYSTEM\CurrentControlSet\Services\{8ED62054-E9BA-41C2-B1CB-FB2756E2425B}\Parameters\Tcpip@T1    1399025857
Reg  HKLM\SYSTEM\CurrentControlSet\Services\{8ED62054-E9BA-41C2-B1CB-FB2756E2425B}\Parameters\Tcpip@T2    1399025953
Reg  HKLM\SYSTEM\CurrentControlSet\Services\{8ED62054-E9BA-41C2-B1CB-FB2756E2425B}\Parameters\Tcpip@LeaseTerminatesTime    1399025985
Reg  HKLM\SYSTEM\ControlSet002\Control\Video\{102EAB1E-1728-47BA-B431-F7FFDB0A79EF}\0000@D3D_\x3332\x3331    2089309684
Reg  HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk    0x95 0x2B 0x2F 0x8C ...
Reg  HKLM\SOFTWARE\Classes\CLSID\{fbf3e422-b8a0-4fbc-b55d-90c1a8489580}@Model    17
Reg  HKLM\SOFTWARE\Classes\CLSID\{fbf3e422-b8a0-4fbc-b55d-90c1a8489580}@Therad    2
Reg  HKLM\SOFTWARE\Classes\CLSID\{fbf3e422-b8a0-4fbc-b55d-90c1a8489580}@MData    0x73 0xD5 0xCF 0xB8 ...

---- EOF - GMER 2.1 ----