GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2013-01-17 18:54:40
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 Hitachi_ rev.JP2O
Running: 28vp6kon.exe; Driver: E:\DOCUME~1\KRZY~1\USTAWI~1\Temp\fgtdapob.sys

---- System - GMER 1.0.15 ----

SSDT  88E826D0  ZwAlertResumeThread
SSDT  88E856D0  ZwAlertThread
SSDT  88E8D700  ZwAllocateVirtualMemory
SSDT  88F166F0  ZwConnectPort
SSDT  88E67700  ZwCreateMutant
SSDT  899F4250  ZwCreateThread
SSDT  88E87700  ZwFreeVirtualMemory
SSDT  88E7D6D0  ZwImpersonateAnonymousToken
SSDT  88E806D0  ZwImpersonateThread
SSDT  88E846F0  ZwMapViewOfSection
SSDT  88E7A6D0  ZwOpenEvent
SSDT  899F43C8  ZwOpenProcessToken
SSDT  88E7C700  ZwOpenThreadToken
SSDT  \??\E:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)  ZwProtectVirtualMemory [0xB81BD840]
SSDT  88F206E0  ZwResumeThread
SSDT  88E8E6D0  ZwSetContextThread
SSDT  88E7F700  ZwSetInformationProcess
SSDT  88E77700  ZwSetInformationThread
SSDT  88E786D0  ZwSuspendProcess
SSDT  88E886D0  ZwSuspendThread
SSDT  89A9F6E0  ZwTerminateProcess
SSDT  88E8B6D0  ZwTerminateThread
SSDT  88E906D0  ZwUnmapViewOfSection
SSDT  88E8A700  ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2B64  80503764 8 Bytes  [D0, 26, E8, 88, D0, 56, E8, ...]
.text  E:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB4958360, 0x354C5F, 0xE8000020]
init   E:\WINDOWS\system32\drivers\monfilt.sys  entry point in "init" section [0xB1D6A280]

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250@001c9ae6c30a  0xFC 0x51 0xD4 0xAC ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f81000250@001c9ae6c30a  0xFC 0x51 0xD4 0xAC ...

---- Files - GMER 1.0.15 ----

File  E:\Documents and Settings\Administrator\Moje dokumenty\desktop.ini  62 bytes
File  E:\Documents and Settings\Administrator\Moje dokumenty\Microsoft  0 bytes
File  E:\Documents and Settings\Administrator\Moje dokumenty\Mozilla  0 bytes
File  E:\Documents and Settings\Administrator\NetHood\index.dat  16384 bytes

---- EOF - GMER 1.0.15 ----