GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-05 04:23:31
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS721010G9SA00 rev.MCZIC14V
Running: h3rmid02.exe; Driver: C:\DOCUME~1\komputer\USTAWI~1\Temp\awldafob.sys

---- System - GMER 1.0.15 ----

SSDT BA7C0E06 ZwCreateKey
SSDT BA7C0DFC ZwCreateThread
SSDT BA7C0E0B ZwDeleteKey
SSDT BA7C0E15 ZwDeleteValueKey
SSDT BA7C0E1A ZwLoadKey
SSDT BA7C0DE8 ZwOpenProcess
SSDT BA7C0DED ZwOpenThread
SSDT BA7C0E24 ZwReplaceKey
SSDT BA7C0E1F ZwRestoreKey
SSDT BA7C0E10 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D1C 8050391C 4 Bytes CALL 910AB52E
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9077EBF]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0xba50a90 size 0x1fd

---- EOF - GMER 1.0.15 ----