GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-20 17:42:33
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 SAMSUNG_HD753LJ rev.1AA01113 698,64GB
Running: gmer.exe; Driver: C:\DOCUME~1\admin\USTAWI~1\Temp\kxtyiaoc.sys

---- System - GMER 2.2 ----

SSDT sptd.sys ZwCreateKey [0xB9ECFA50]
SSDT sptd.sys ZwEnumerateKey [0xB9F03FFE]
SSDT sptd.sys ZwEnumerateValueKey [0xB9F0438C]
SSDT sptd.sys ZwOpenKey [0xB9ECFA30]
SSDT sptd.sys ZwQueryKey [0xB9F04464]
SSDT sptd.sys ZwQueryValueKey [0xB9F042E4]
SSDT sptd.sys ZwSetValueKey [0xB9F044F6]

INT 0x63 ? 8B1C4CC8
INT 0x63 ? 8B1C4CC8
INT 0x63 ? 8B1C4CC8
INT 0x63 ? 8B1C4CC8
INT 0x63 ? 8A393CC8
INT 0x83 ? 8B1C8CC8
INT 0x83 ? 8A393CC8
INT 0x83 ? 8B1C8CC8
INT 0x94 ? 8A393CC8
INT 0x94 ? 8A393CC8
INT 0x94 ? 8A393CC8
INT 0x94 ? 8A393CC8
INT 0xA4 ? 8A393CC8
INT 0xB4 ? 8A393CC8

---- Kernel code sections - GMER 2.2 ----

.text sptd.sys B9E95000 4 Bytes [A6, CB, 6E, 80]
.text sptd.sys B9E95005 27 Bytes [79, 6E, 80, 30, 78, 6E, 80, ...]
.text sptd.sys B9E95024 4 Bytes [74, 7F, E8, B9]
.text sptd.sys B9E9502C 116 Bytes [A4, 1A, 5E, 80, 6A, 8F, 5E, ...]
.text sptd.sys B9E950A1 128 Bytes [97, 53, 80, A0, 98, 53, 80, ...]
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB9F8CD38]
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F4C000, 0x29C9F0, 0xE8000020]

---- EOF - GMER 2.2 ----