GMER 2.1.19357 - Rootkit scan 2014-06-04 23:12:11
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 FUJITSU_MHW2120BH rev.00000012 111,79GB
Running: pvk3i0n6.exe; Driver: C:\DOCUME~1\Kasia\USTAWI~1\Temp\pwadiaod.sys

---- System - GMER 2.1 ----

SSDT 848FDE28 ZwAlertResumeThread
SSDT 848FDEC0 ZwAlertThread
SSDT 84997828 ZwAllocateVirtualMemory
SSDT 848FD8A0 ZwAssignProcessToJobObject
SSDT 84A597E0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey [0xEDE96F50]
SSDT 848FDC50 ZwCreateMutant
SSDT 848FD750 ZwCreateSymbolicLinkObject
SSDT 84997B60 ZwCreateThread
SSDT 848FD938 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey [0xEDE971D0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xEDE97890]
SSDT 84997968 ZwDuplicateObject
SSDT 849976B8 ZwFreeVirtualMemory
SSDT 848FDCF8 ZwImpersonateAnonymousToken
SSDT 848FDD90 ZwImpersonateThread
SSDT 849F83E8 ZwLoadDriver
SSDT 84997600 ZwMapViewOfSection
SSDT 848FDBB8 ZwOpenEvent
SSDT 84997AB8 ZwOpenProcess
SSDT 849978D0 ZwOpenProcessToken
SSDT 848FDA88 ZwOpenSection
SSDT 84997A10 ZwOpenThread
SSDT 848FD7F8 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwRenameKey [0xEDE97DF0]
SSDT 848FDF58 ZwResumeThread
SSDT 84997428 ZwSetContextThread
SSDT 849974C0 ZwSetInformationProcess
SSDT 848FD9D0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xEDE97B10]
SSDT 848FDB20 ZwSuspendProcess
SSDT 848FDFD0 ZwSuspendThread
SSDT 8490E358 ZwTerminateProcess
SSDT 84997390 ZwTerminateThread
SSDT 84997568 ZwUnmapViewOfSection
SSDT 84997760 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 4 Bytes [E8, 83, 9F, 84]
? SYMDS.SYS Nie można odnaleźć określonego pliku. !
? SYMEFA.SYS Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 2.1 ----

.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 005F0048
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003D0050
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 005F020E
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 005F012A
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 005F0682
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 005F059E
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 005F03D6
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 005F02F2
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [7C, 88, EB, F9] {JL 0xffffff8a; JMP 0xfffffffd}
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 005F04BA
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 005F0766
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] USER32.dll!CreateSystemThreads + 10A 7E3817F2 7 Bytes JMP 005F092C
.text C:\Documents and Settings\Kasia\Moje dokumenty\Pobieranie\pvk3i0n6.exe[3872] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 005F084A

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS

---- EOF - GMER 2.1 ----