GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-15 18:02:31
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 FUJITSU_MHV2060AT_PL rev.008300A1
Running: n7346gmu.exe; Driver: C:\DOCUME~1\COMPAQ~1\USTAWI~1\Temp\axtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT            82BA23F0                                                                       ZwAlertResumeThread
SSDT            82BA31E0                                                                       ZwAlertThread
SSDT            82AD9EA8                                                                       ZwAllocateVirtualMemory
SSDT            82B26FD0                                                                       ZwAssignProcessToJobObject
SSDT            82C3FED8                                                                       ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)   ZwCreateKey [0xAA6CE210]
SSDT            82D4BA38                                                                       ZwCreateMutant
SSDT            82A4B290                                                                       ZwCreateSymbolicLinkObject
SSDT            82B2D8F8                                                                       ZwCreateThread
SSDT            82B270D8                                                                       ZwDebugActiveProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)   ZwDeleteKey [0xAA6CE490]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)   ZwDeleteValueKey [0xAA6CE9F0]
SSDT            82B12B88                                                                       ZwDuplicateObject
SSDT            82C60C88                                                                       ZwFreeVirtualMemory
SSDT            82B2CF80                                                                       ZwImpersonateAnonymousToken
SSDT            82B9EFD0                                                                       ZwImpersonateThread
SSDT            82AE1128                                                                       ZwLoadDriver
SSDT            82B05180                                                                       ZwMapViewOfSection
SSDT            82B2D438                                                                       ZwOpenEvent
SSDT            82C44680                                                                       ZwOpenProcess
SSDT            82C61E30                                                                       ZwOpenProcessToken
SSDT            82B27A30                                                                       ZwOpenSection
SSDT            82B243E0                                                                       ZwOpenThread
SSDT            82A4B9F8                                                                       ZwProtectVirtualMemory
SSDT            82BA3AA0                                                                       ZwResumeThread
SSDT            82BCBA10                                                                       ZwSetContextThread
SSDT            82C64830                                                                       ZwSetInformationProcess
SSDT            82B277F0                                                                       ZwSetSystemInformation
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)   ZwSetValueKey [0xAA6CEC40]
SSDT            82B2A138                                                                       ZwSuspendProcess
SSDT            82BA5EC8                                                                       ZwSuspendThread
SSDT            82C60BF8                                                                       ZwTerminateProcess
SSDT            82C62B10                                                                       ZwTerminateThread
SSDT            82C61F20                                                                       ZwUnmapViewOfSection
SSDT            82C5E580                                                                       ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2488                                           80501CC0 4 Bytes  JMP 6504C731
?               SYMDS.SYS                                                                      Nie można odnaleźć określonego pliku. !
?               SYMEFA.SYS                                                                     Nie można odnaleźć określonego pliku. !
init            C:\WINDOWS\system32\drivers\tifm21.sys                                         entry point in "init" section [0xF78698BF]

---- Devices - GMER 1.0.15 ----

Device          Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device          Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                       SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                        SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                        SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                      SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                      SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----