GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-02 17:03:57
Windows 5.1.2600 Dodatek Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\SysOp\USTAWI~1\Temp\uxloakoc.sys

---- System - GMER 1.0.15 ----

SSDT 89679C00 ZwAlertResumeThread
SSDT 89644050 ZwAlertThread
SSDT 88D88458 ZwAllocateVirtualMemory
SSDT 88D8E050 ZwAssignProcessToJobObject
SSDT 896F8AC8 ZwConnectPort
SSDT \??\D:\WINDOWS\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys ZwCreateFile [0xB84A9592]
SSDT \??\D:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB39AA210]
SSDT 88DF1F40 ZwCreateMutant
SSDT 88D556A8 ZwCreateSymbolicLinkObject
SSDT 88D88838 ZwCreateThread
SSDT 88E0F050 ZwDebugActiveProcess
SSDT \??\D:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB39AA490]
SSDT \??\D:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB39AA9F0]
SSDT 88D88630 ZwDuplicateObject
SSDT 88E085E0 ZwFreeVirtualMemory
SSDT 89689050 ZwImpersonateAnonymousToken
SSDT 8968B050 ZwImpersonateThread
SSDT 899C7990 ZwLoadDriver
SSDT 88E08500 ZwMapViewOfSection
SSDT 88D92050 ZwOpenEvent
SSDT \??\D:\WINDOWS\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys ZwOpenFile [0xB84A97AA]
SSDT \??\D:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xB39AA7A0]
SSDT 88CBE308 ZwOpenProcess
SSDT 8964C050 ZwOpenProcessToken
SSDT 88D90050 ZwOpenSection
SSDT 88D88700 ZwOpenThread
SSDT 88D55778 ZwProtectVirtualMemory
SSDT \??\D:\WINDOWS\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys ZwQueryDirectoryFile [0xB84A994E]
SSDT 8956A050 ZwResumeThread
SSDT 89574050 ZwSetContextThread
SSDT 88E136B8 ZwSetInformationProcess
SSDT 88D8F050 ZwSetSystemInformation
SSDT \??\D:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB39AAC40]
SSDT 88E11050 ZwSuspendProcess
SSDT 8956C050 ZwSuspendThread
SSDT 896B2708 ZwTerminateProcess
SSDT 88DE7050 ZwTerminateThread
SSDT 89578050 ZwUnmapViewOfSection
SSDT 88D88388 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS Nie można odnaleźć określonego pliku. !
? SYMEFA.SYS Nie można odnaleźć określonego pliku. !
.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7540360, 0x3D46B5, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----