GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-10 11:42:08
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST31500341AS rev.CC1H
Running: nl2gdo0d.exe; Driver: C:\DOCUME~1\ABC\USTAWI~1\Temp\kwadrkob.sys

---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwAllocateVirtualMemory [0xB17292D2]
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwCreateThread [0xB172A904]
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwFreeVirtualMemory [0xB172955E]
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwOpenSection [0xB17290F0]
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwQueueApcThread [0xB172AA0C]
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwSetContextThread [0xB172AA58]
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwSystemDebugControl [0xB1729006]
SSDT  \SystemRoot\system32\drivers\dwprot.sys  ZwWriteVirtualMemory [0xB172966E]

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB67003C0, 0x9B091A, 0xE8000020]
.text  C:\WINDOWS\system32\drivers\oreans32.sys  section is writeable [0xB82B8280, 0x7B1C, 0xE8000020]
?  system32\drivers\dwprot.sys  System nie może odnaleźć określonej ścieżki. !
?  C:\DOCUME~1\ABC\USTAWI~1\Temp\M5BEn7m4.sys  Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Utility\FreeCommanderXE\FreeCommander.exe[492] kernel32.dll!CreateThread + 1A  7C8106F1 4 Bytes  CALL 00468CED C:\Utility\FreeCommanderXE\FreeCommander.exe (FreeCommander - Freeware File Manager for Windows/Marek Jasinski)

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Ntfs \Ntfs  89DD88E8
Device  \FileSystem\Ntfs \Ntfs  8A05F890
Device  \FileSystem\Ntfs \Ntfs  891DF5A8
Device  \FileSystem\Ntfs \Ntfs  89091390

AttachedDevice  \FileSystem\Ntfs \Ntfs  dwprot.sys

Device  \FileSystem\Fastfat \FatCdrom  89FC0F48
Device  \FileSystem\Fastfat \FatCdrom  8A0018B0
Device  \FileSystem\Fastfat \FatCdrom  891A7928

AttachedDevice  \Driver\Tcpip \Device\Ip  dwprot.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  dwprot.sys
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume7  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume8  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Tcpip \Device\Udp  dwprot.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  dwprot.sys

Device  \FileSystem\Fastfat \Fat  89FC0F48
Device  \FileSystem\Fastfat \Fat  8A0018B0
Device  \FileSystem\Fastfat \Fat  891A7928

AttachedDevice  \FileSystem\Fastfat \Fat  dwprot.sys

---- EOF - GMER 1.0.15 ----