GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-30 12:33:13
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2040AT_PL rev.0022
Running: 2e3w7x3x.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\ugtdapod.sys

---- System - GMER 1.0.15 ----

SSDT            E17F9600    ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!_abnormal_termination + C9    804E2725 3 Bytes [96, 7F, E1] {XCHG ESI, EAX; JG 0xffffffffffffffe4}
init            C:\WINDOWS\system32\drivers\tifm.sys    entry point in "init" section [0xF753F580]
?               System32\Drivers\hiber_WMILIB.SYS    System nie może odnaleźć określonej ścieżki. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs    SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0    SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0    mouclass.sys (Sterownik klasy myszy/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0    EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1    SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1    EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice  \Driver\Tcpip \Device\Tcp    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{26B91B40-FEEB-518A-1A4E-24E9A965725A}\InprocServer32@    C:\WINDOWS\System32\scrobj.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{26B91B40-FEEB-518A-1A4E-24E9A965725A}\InprocServer32@ThreadingModel    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{26B91B40-FEEB-518A-1A4E-24E9A965725A}\ProgID@    Scriptlet.TypeLib
Reg             HKLM\SOFTWARE\Classes\CLSID\{49EADB02-EA93-BE46-05B7-5950C24C50E4}\Aliases@Microsoft SQL Server DATETIME (Earlier Wins) Conflict Resolver    Microsoft SQL Server DATETIME (Earlier Wins) Conflict Resolver
Reg             HKLM\SOFTWARE\Classes\CLSID\{49EADB02-EA93-BE46-05B7-5950C24C50E4}\Implemented Categories\{AEF21081-CD22-11D2-A8E8-00C04F9FC436}
Reg             HKLM\SOFTWARE\Classes\CLSID\{49EADB02-EA93-BE46-05B7-5950C24C50E4}\InprocServer32@    C:\Program Files\Microsoft SQL Server\80\COM\ssrmin.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{49EADB02-EA93-BE46-05B7-5950C24C50E4}\InprocServer32@ThreadingModel    Both
Reg             HKLM\SOFTWARE\Classes\CLSID\{DF2830B8-1156-90CF-772B-D2D3167F6147}\InprocServer32@    C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{DF2830B8-1156-90CF-772B-D2D3167F6147}\InprocServer32@InprocServer32    O+ccxfqnb?Of[,MKJ]^OTypical>0,X2KJH.g(cM!!!FxVSZ?4]gAVn-}f(ZXfeAR6.jiTranslationFiles_1031>CFG$0D+!g(3?!!!_GX=b?
Reg             HKLM\SOFTWARE\Classes\CLSID\{DF2830B8-1156-90CF-772B-D2D3167F6147}\InprocServer32@ThreadingModel    Both
Reg             HKLM\SOFTWARE\Classes\CLSID\{DF2830B8-1156-90CF-772B-D2D3167F6147}\ProgID@    Microsoft.ITSS.AssociationSet

---- EOF - GMER 1.0.15 ----