GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-02 16:44:19
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS541212H9AT00 rev.HP4OA23C
Running: t94llw7g.exe; Driver: C:\DOCUME~1\XP\USTAWI~1\Temp\ufldqaog.sys

---- System - GMER 1.0.15 ----

SSDT FEFDF908 ZwAlertResumeThread
SSDT FEFDF9E8 ZwAlertThread
SSDT FEFE0590 ZwAllocateVirtualMemory
SSDT 82DBD108 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA0AB410]
SSDT FEFDF668 ZwCreateMutant
SSDT FEFE09C8 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA0AB6B0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA0ABDC0]
SSDT FEFE03E0 ZwFreeVirtualMemory
SSDT FEFDF748 ZwImpersonateAnonymousToken
SSDT FEFDF828 ZwImpersonateThread
SSDT FF419CC0 ZwMapViewOfSection
SSDT FEFDF588 ZwOpenEvent
SSDT FEFE08E8 ZwOpenProcessToken
SSDT FEFDFEB0 ZwOpenThreadToken
SSDT FEFDF498 ZwQueryValueKey
SSDT FF3E5540 ZwResumeThread
SSDT FEFDFDD0 ZwSetContextThread
SSDT FEFDFF90 ZwSetInformationProcess
SSDT FEFDFCF0 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA0AC020]
SSDT FEFDF3B8 ZwSuspendProcess
SSDT FEFDFB30 ZwSuspendThread
SSDT FEFE11A0 ZwTerminateProcess
SSDT FEFDFC10 ZwTerminateThread
SSDT FEFE0258 ZwUnmapViewOfSection
SSDT FEFE04C0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DD0 8050466C 4 Bytes [E8, 08, FE, FE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----