GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-19 20:40:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e TOSHIBA_MK3252GSX rev.LV010A
Running: utc2h569.exe; Driver: C:\DOCUME~1\wqw\USTAWI~1\Temp\pwtdykog.sys


---- Kernel code sections - GMER 1.0.15 ----

?       ywtnhof.sys                                                      The system cannot find the file specified. !
!       .text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                  section is writeable [0xB9F54380, 0x300F77, 0xE8000020]
.INIT   C:\WINDOWS\System32\drivers\afd.sys                              entry point in ".INIT" section [0xB84EE822]
?       C:\WINDOWS\System32\drivers\afd.sys                              suspicious PE modification
?       C:\DOCUME~1\wqw\USTAWI~1\Temp\mbr.sys                            The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text   C:\Program Files\Mozilla Firefox\firefox.exe[2888] ntdll.dll!LdrLoadDll                          7C9163C3 5 Bytes  JMP 01269720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\firefox.exe[2888] kernel32.dll!VirtualAlloc                     7C809AF1 5 Bytes  JMP 0149E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\firefox.exe[2888] kernel32.dll!MapViewOfFile                    7C80B9A5 5 Bytes  JMP 0149E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\firefox.exe[2888] GDI32.dll!CreateDIBSection                    77F19E19 5 Bytes  JMP 0149E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\firefox.exe[2888] CRYPT32.dll!CryptMsgCountersignEncoded + 27A  77A82F62 7 Bytes  JMP 35675637 C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)
.text   C:\Program Files\Mozilla Firefox\firefox.exe[2888] CRYPT32.dll!CertComparePublicKeyInfo + 1E8    77A8B76A 7 Bytes  JMP 35675697 C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module  (noname) (*** hidden *** )                                       F7461000-F7470000 (61440 bytes)
---- Threads - GMER 1.0.15 ----

Thread  System [4:464]                                                   8917B540
Thread  System [4:468]                                                   8917B540
Thread  services.exe [624:1840]                                          0112EE96

---- Files - GMER 1.0.15 ----

File    C:\WINDOWS\$NtUninstallKB36381$\1928987416                       0 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\@                     2048 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\L                     0 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\L\xmhodzdk            138496 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\loader.tlb            2632 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\U                     0 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@00000001           45968 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@000000c0           2560 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@000000cb           3072 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@000000cf           1536 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@80000000           73728 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@800000c0           43008 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@800000cb           25600 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@800000cf           31232 bytes
File    C:\WINDOWS\$NtUninstallKB36381$\2333208628                       0 bytes

---- EOF - GMER 1.0.15 ----
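The report above is easier to act on once its sections are pulled apart by kind. The following is an added triage helper written for this page; it is not part of GMER and not code from the poster. It parses GMER's section layout (the "---- Name - GMER x.y.z ----" headers, then one entry per line) and collects the four things an analyst checks first: modules GMER marks hidden, user-mode inline JMP hooks, threads GMER lists with only a start address, and the file tree in the Files section. The sample input is excerpted from the log above. The "expected hook" rule (a JMP into a module in the hooked process's own install directory is ordinary, a JMP elsewhere or one planted at a non-zero offset inside the function is flagged) is a heuristic of this example, not a GMER feature.

```python
import re
from collections import defaultdict

# Constructed sample: entries excerpted from the log above, one per line as GMER writes them.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[2888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01269720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2888] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0149E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2888] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0149E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2888] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0149E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2888] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A82F62 7 Bytes JMP 35675637 C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2888] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A8B76A 7 Bytes JMP 35675697 C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) F7461000-F7470000 (61440 bytes)
---- Threads - GMER 1.0.15 ----
Thread System [4:464] 8917B540
Thread System [4:468] 8917B540
Thread services.exe [624:1840] 0112EE96
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB36381$\1928987416 0 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\L 0 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\L\xmhodzdk 138496 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\loader.tlb 2632 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\U 0 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@00000001 45968 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@000000c0 2560 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@000000cb 3072 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@80000000 73728 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@800000c0 43008 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@800000cb 25600 bytes
File C:\WINDOWS\$NtUninstallKB36381$\1928987416\U\@800000cf 31232 bytes
File C:\WINDOWS\$NtUninstallKB36381$\2333208628 0 bytes
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# "<sect> <proc>[<pid>] <dll>!<func>[ + <off>] <addr> <n> Bytes JMP <target> <module> (<desc>)"
HOOK_RE = re.compile(
    r"^\.\w+\s+(?P<proc>.+?\[\d+\])\s+(?P<dll>[\w.]+)!(?P<func>\S+)"
    r"(?: \+ (?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-F]{8})\s+(?P<len>\d+) Bytes"
    r"\s+JMP\s+(?P<target>[0-9A-F]{8})\s+(?P<module>.+?)(?: \((?P<desc>.*)\))?$")
MODULE_RE = re.compile(
    r"^Module\s+(?P<name>.+?)\s+(?P<start>[0-9A-F]{8})-(?P<end>[0-9A-F]{8})\s+\((?P<size>\d+) bytes\)$")
THREAD_RE = re.compile(r"^Thread\s+(?P<proc>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9A-F]{8})$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")


def _dirname(path):
    """Case-folded directory part of a Windows path."""
    return path.rsplit("\\", 1)[0].lower()


def triage(text):
    """Parse one GMER report (as a string) into a dict of findings worth a second look."""
    f = {"hidden_modules": [], "hooks": [], "flagged_hooks": [],
         "unattributed_threads": [], "hidden_files": []}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "Modules" and (m := MODULE_RE.match(line)) and "hidden" in m.group("name"):
            f["hidden_modules"].append((int(m.group("start"), 16), int(m.group("end"), 16)))
        elif section == "User code sections" and (m := HOOK_RE.match(line)):
            hook = m.groupdict()
            f["hooks"].append(hook)
            proc_path = hook["proc"].rsplit("[", 1)[0]
            # Heuristic (this example's, not GMER's): a process patching its own imports
            # from a module in its own install directory is ordinary; a JMP into a module
            # elsewhere, or one placed mid-function (non-zero offset), goes on the pull list.
            if _dirname(hook["module"]) != _dirname(proc_path) or hook["off"]:
                f["flagged_hooks"].append(hook)
        elif section == "Threads" and (m := THREAD_RE.match(line)):
            f["unattributed_threads"].append(
                (m.group("proc"), int(m.group("pid")), int(m.group("tid")), int(m.group("addr"), 16)))
        elif section == "Files" and (m := FILE_RE.match(line)):
            f["hidden_files"].append((m.group("path"), int(m.group("size"))))
    return f


def file_tree_summary(findings):
    """Group Files entries by their top-level directory: {dir: (entry_count, total_bytes)}."""
    totals = defaultdict(lambda: [0, 0])
    for path, size in findings["hidden_files"]:
        root = "\\".join(path.split("\\")[:3])  # e.g. C:\WINDOWS\$NtUninstallKB36381$
        totals[root][0] += 1
        totals[root][1] += size
    return {k: tuple(v) for k, v in totals.items()}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for start, end in found["hidden_modules"]:
        print(f"hidden module {start:08X}-{end:08X} ({end - start} bytes)")
    for h in found["flagged_hooks"]:
        print(f"flagged hook {h['dll']}!{h['func']} -> {h['target']} in {h['module']}")
    for proc, pid, tid, addr in found["unattributed_threads"]:
        print(f"unattributed thread {proc} [{pid}:{tid}] start {addr:08X}")
    for root, (count, size) in file_tree_summary(found).items():
        print(f"{count} hidden entries, {size} bytes under {root}")
```

Run against this log, the helper separates the four Firefox hooks that land in Firefox's own xul.dll from the two CRYPT32.dll hooks that jump out of the process's directory into mswsock.dll, and it reports the 60 KB unnamed hidden module at F7461000, a services.exe thread starting at 0112EE96 (a user-mode address GMER could not attribute to a module), and fifteen entries totalling 369880 bytes under C:\WINDOWS\$NtUninstallKB36381$. A real hotfix uninstall directory does not contain @, L and U subfolders or a loader.tlb; that tree and the hooked CRYPT32 functions are what to copy off the disk (with the hidden module's address range dumped from memory) before any cleanup, because cleanup destroys the evidence.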