GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-16 00:14:04
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250820AS rev.3.AAE
Running: unsdfwer.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\fwtiypow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwCreateKey [0xBA19A382]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwDeleteKey [0xBA19A606]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwDeleteValueKey [0xBA19A628]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwOpenKey [0xBA19A4C4]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwOpenProcess [0xBA19A23E]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwSetValueKey [0xBA19A5D8]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9270360, 0x24526E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys (G Data Software AG)
Device \Driver\PROCEXP152 \Device\PROCEXP152 B296B730
Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\IPMULTICAST GDTdiIcpt.sys (G Data Software AG)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----