GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-18 20:59:30
Windows 5.1.2600 Dodatek Service Pack 3
Running: 6eel5siu.exe; Driver: I:\DOCUME~1\PatrykG\USTAWI~1\Temp\pxtdapow.sys

---- Kernel code sections - GMER 2.1 ----

.text I:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB660E000, 0x2AAE02, 0xE8000020]
? I:\WINDOWS\system32\Drivers\PROCEXP100.SYS Nie można odnaleźć określonego pliku. !

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip tStLibG.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tStLibG.sys
AttachedDevice \Driver\Tcpip \Device\Udp tStLibG.sys
AttachedDevice \Driver\Tcpip \Device\RawIp tStLibG.sys

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\23\0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\23\0@NodeSlot 4578
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\23\0@MRUListEx 0xFF 0xFF 0xFF 0xFF
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\129\Shell@ScrollPos1280x1024(1).y 419
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\148\Shell@MinPos1280x1024(1).x -32000
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\148\Shell@MinPos1280x1024(1).y -32000
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\148\Shell@WinPos1280x1024(1).left 154
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\148\Shell@WinPos1280x1024(1).top 203
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\148\Shell@WinPos1280x1024(1).right 954
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\148\Shell@WinPos1280x1024(1).bottom 803
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\148\Shell@ScrollPos1280x1024(1).x 2
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\2366\Shell@WinPos1280x1024(1).left 117
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\2366\Shell@WinPos1280x1024(1).top 145
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\2366\Shell@WinPos1280x1024(1).right 1176
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\2366\Shell@WinPos1280x1024(1).bottom 754
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3352\Shell@MinPos1280x1024(1).x -32000
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3352\Shell@MinPos1280x1024(1).y -32000
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3352\Shell@WinPos1280x1024(1).left 154
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3352\Shell@WinPos1280x1024(1).top 203
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3352\Shell@WinPos1280x1024(1).right 954
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3352\Shell@WinPos1280x1024(1).bottom 803
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4578\Shell@WinPos1280x1024(1).left 50
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4578\Shell@WinPos1280x1024(1).top 137
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4578\Shell@WinPos1280x1024(1).right 1212
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4578\Shell@WinPos1280x1024(1).bottom 871
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4964\Shell@WinPos1280x1024(1).left 50
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4964\Shell@WinPos1280x1024(1).top 137
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4964\Shell@WinPos1280x1024(1).right 1212
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\4964\Shell@WinPos1280x1024(1).bottom 871
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell@WinPos1280x1024(1).left 88
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell@WinPos1280x1024(1).top 116
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell@WinPos1280x1024(1).right 1082
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell@WinPos1280x1024(1).bottom 782
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell@ScrollPos1280x1024(1).y 1721

---- EOF - GMER 2.1 ----