GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-09 19:21:55
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00ETA0 rev.77.07W77
Running: ule2gw9i.exe; Driver: C:\DOCUME~1\MK091A~1\USTAWI~1\Temp\kwadrfog.sys


---- Kernel code sections - GMER 1.0.15 ----

?        RGRCZ@J@                                                            Nazwa pliku, nazwa katalogu lub składnia etykiety woluminu jest niepoprawna. !
?        system32\drivers\xpsec.sys                                           System nie może odnaleźć określonej ścieżki. !
?        system32\drivers\xcpip.sys                                           System nie może odnaleźć określonej ścieżki. !

---- User code sections - GMER 1.0.15 ----

.text    C:\WINDOWS\system32\winlogon.exe[512] Secur32.dll!LsaLogonUser       77FE33F1 5 Bytes  JMP 00DF2C81 
.text    C:\WINDOWS\Explorer.EXE[1544] USER32.dll!DisplayExitWindowsWarnings  7E3A9F91 5 Bytes  JMP 00C72A93 
.text    C:\WINDOWS\Explorer.EXE[1544] WS2_32.dll!closesocket                 71A53E2B 5 Bytes  JMP 00FD9F7E 
.text    C:\WINDOWS\Explorer.EXE[1544] WS2_32.dll!send                        71A54C27 5 Bytes  JMP 00FD9B1B 
.text    C:\WINDOWS\Explorer.EXE[1544] WS2_32.dll!WSARecv                     71A54CB5 5 Bytes  JMP 00FD9E30 
.text    C:\WINDOWS\Explorer.EXE[1544] WS2_32.dll!recv                        71A5676F 5 Bytes  JMP 00FD9BFC 
.text    C:\WINDOWS\Explorer.EXE[1544] WS2_32.dll!WSASend                     71A568FA 5 Bytes  JMP 00FD9CCF 

---- Devices - GMER 1.0.15 ----

Device   \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                          RGRCZ@J@
Device   \Driver\atapi \Device\Ide\IdePort0                                   RGRCZ@J@
Device   \Driver\atapi \Device\Ide\IdePort1                                   RGRCZ@J@
Device   \Driver\atapi \Device\Ide\IdePort2                                   RGRCZ@J@
Device   \Driver\atapi \Device\Ide\IdePort3                                   RGRCZ@J@
Device   \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12                         RGRCZ@J@
Device   \Driver\prohlp02 \Device\ProHlp02                                    E19822E0
Device   \FileSystem\Cdfs \Cdfs                                               F83AD400

---- Services - GMER 1.0.15 ----

Service  C:\WINDOWS\System32\alg.exe? (*** hidden *** )                       [MANUAL] ALG                                                                     <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\cisvc.exe? (*** hidden *** )                     [MANUAL] CiSvc                                                                   <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** )                   [MANUAL] ClipSrv                                                                 <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\imapi.exe? (*** hidden *** )                     [MANUAL] ImapiService                                                            <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\lsass.exe? (*** hidden *** )                     [AUTO] PolicyAgent                                                               <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\lsass.exe? (*** hidden *** )                     [AUTO] ProtectedStorage                                                          <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** )                   [AUTO] Spooler                                                                   <-- ROOTKIT !!!
Service  C:\WINDOWS\System32\ups.exe? (*** hidden *** )                       [MANUAL] UPS                                                                     <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----