GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-08 11:42:49
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD502HJ rev.1AJ10001
Running: 9lq1jvms.exe; Driver: C:\DOCUME~1\PC\USTAWI~1\Temp\ffryyaow.sys

---- System - GMER 1.0.15 ----

SSDT B632D1BC ZwClose
SSDT B632D176 ZwCreateKey
SSDT B632D1C6 ZwCreateSection
SSDT B632D16C ZwCreateThread
SSDT B632D17B ZwDeleteKey
SSDT B632D185 ZwDeleteValueKey
SSDT B632D1B7 ZwDuplicateObject
SSDT B632D18A ZwLoadKey
SSDT B632D158 ZwOpenProcess
SSDT B632D15D ZwOpenThread
SSDT B632D1DF ZwQueryValueKey
SSDT B632D194 ZwReplaceKey
SSDT B632D1D0 ZwRequestWaitReplyPort
SSDT B632D18F ZwRestoreKey
SSDT B632D1CB ZwSetContextThread
SSDT B632D1D5 ZwSetSecurityObject
SSDT B632D180 ZwSetValueKey
SSDT B632D1DA ZwSystemDebugControl
SSDT B632D167 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2044] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044C909 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\ql10wnt@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\ql10wnt@TypesSupported 7

---- EOF - GMER 1.0.15 ----