GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-20 06:06:24 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250820AS rev.3.AAE Running: 49dgvery.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\fwtiypow.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwCreateKey [0xBA24A382] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwDeleteKey [0xBA24A606] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwDeleteValueKey [0xBA24A628] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwOpenKey [0xBA24A4C4] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwOpenProcess [0xBA24A23E] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwSetValueKey [0xBA24A5D8] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB92D6360, 0x24526E, 0xE8000020] ---- Devices - GMER 1.0.15 ---- Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys (G Data Software AG) Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys (G Data Software AG) Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys (G Data Software AG) Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys (G Data Software AG) Device \Driver\Tcpip \Device\IPMULTICAST GDTdiIcpt.sys (G Data Software AG) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----