GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-05 07:52:51
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD5000AADS-00S9B0 rev.01.00A01 465,76GB
Running: fcjk7rew.exe; Driver: C:\DOCUME~1\Dorota\USTAWI~1\Temp\fwlyipow.sys

---- System - GMER 2.1 ----

SSDT BA6FC06C ZwClose
SSDT BA6FC026 ZwCreateKey
SSDT BA6FC076 ZwCreateSection
SSDT BA6FC01C ZwCreateThread
SSDT BA6FC02B ZwDeleteKey
SSDT BA6FC035 ZwDeleteValueKey
SSDT BA6FC067 ZwDuplicateObject
SSDT BA6FC03A ZwLoadKey
SSDT BA6FC008 ZwOpenProcess
SSDT BA6FC00D ZwOpenThread
SSDT BA6FC08F ZwQueryValueKey
SSDT BA6FC044 ZwReplaceKey
SSDT BA6FC080 ZwRequestWaitReplyPort
SSDT BA6FC03F ZwRestoreKey
SSDT BA6FC07B ZwSetContextThread
SSDT BA6FC085 ZwSetSecurityObject
SSDT BA6FC030 ZwSetValueKey
SSDT BA6FC08A ZwSystemDebugControl
SSDT BA6FC017 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB91D0000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2020] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1E502DA-071F-4772-BE04-C327974B0344}@LeaseObtainedTime 1391522071
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1E502DA-071F-4772-BE04-C327974B0344}@T1 1391522371
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1E502DA-071F-4772-BE04-C327974B0344}@T2 1391522596
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1E502DA-071F-4772-BE04-C327974B0344}@LeaseTerminatesTime 1391522671
Reg HKLM\SYSTEM\CurrentControlSet\Services\{F1E502DA-071F-4772-BE04-C327974B0344}\Parameters\Tcpip@LeaseObtainedTime 1391522071
Reg HKLM\SYSTEM\CurrentControlSet\Services\{F1E502DA-071F-4772-BE04-C327974B0344}\Parameters\Tcpip@T1 1391522371
Reg HKLM\SYSTEM\CurrentControlSet\Services\{F1E502DA-071F-4772-BE04-C327974B0344}\Parameters\Tcpip@T2 1391522596
Reg HKLM\SYSTEM\CurrentControlSet\Services\{F1E502DA-071F-4772-BE04-C327974B0344}\Parameters\Tcpip@LeaseTerminatesTime 1391522671
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0

---- EOF - GMER 2.1 ----