GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-28 15:17:10
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541060G9AT00 rev.MB3OA60A 55,89GB
Running: wrgd5rrg.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\afayrpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Program Files\PowerDVD12\Common\NavFilter\000.fcl section is writeable [0xF433D000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\PowerDVD12\Common\NavFilter\000.fcl entry point in ".vmp2" section [0xF4360050]
? C:\WINDOWS\system32\drivers\gmsmsn.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[144] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[144] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]
.text C:\Program Files\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[240] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text C:\Program Files\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[240] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 00C51000 C:\Program Files\PowerDVD12\Common\Boomerang\BoomerangLib.dll
.text C:\Program Files\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[240] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[360] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[360] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]
.text C:\WINDOWS\system32\CMD.EXE[388] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text C:\WINDOWS\system32\CMD.EXE[388] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]
.text C:\Program Files\SMART Board Software\SMARTBoardTools.exe[536] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text C:\Program Files\SMART Board Software\SMARTBoardTools.exe[536] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]
.text C:\Program Files\SMART Board Software\Aware.exe[1152] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text C:\Program Files\SMART Board Software\Aware.exe[1152] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]
.text C:\Program Files\SMART Board Software\Marker.exe[1188] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text C:\Program Files\SMART Board Software\Marker.exe[1188] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[1568] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[1568] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]
.text C:\WINDOWS\RTHDCPL.EXE[1840] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text C:\WINDOWS\RTHDCPL.EXE[1840] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]
.text F:\wrgd5rrg.exe[2152] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text F:\wrgd5rrg.exe[2152] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]
.text C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SMARTProductUpdate.exe[2312] kernel32.dll!TerminateProcess 7C801E16 1 Byte [C3]
.text C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SMARTProductUpdate.exe[2312] kernel32.dll!TerminateThread 7C81CACB 1 Byte [C3]

---- EOF - GMER 2.1 ----