GMER 2.1.19355 - http://www.gmer.net
Rootkit scan 2014-01-22 12:04:28
Windows 5.1.2600 Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD2500JD-75HBB0 rev.08.02D08 232,83GB
Running: gmer.exe; Driver: C:\DOCUME~1\Dell\USTAWI~1\Temp\pxtdypog.sys


---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwAdjustPrivilegesToken [0xB91F1AD0]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwConnectPort [0xB91F4C90]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateFile [0xB91F3ED0]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateKey [0xB91F1760]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreatePort [0xB91F4FE0]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateProcessEx [0xB91F5AE0]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateSection [0xB91F5240]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateSymbolicLinkObject [0xB91F4460]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateThread [0xB91F56E0]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwDebugActiveProcess [0xB91F1230]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwDeleteKey [0xB91F3920]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwDeleteValueKey [0xB91F3A80]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwDuplicateObject [0xB91F1330]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwOpenFile [0xB91F41D0]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwOpenKey [0xB91F1560]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwOpenProcess [0xB91F3C40]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwOpenSection [0xB91F0D80]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwOpenThread [0xB91F1980]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwResumeThread [0xB91F4730]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwSecureConnectPort [0xB91F4E30]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwSetInformationFile [0xB91F4580]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwSetValueKey [0xB91F3750]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwTerminateProcess [0xB91F3640]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwTerminateThread [0xB91F3DB0]

---- Devices - GMER 2.1 ----

Device          Ntfs.sys
AttachedDevice  \Driver\Tcpip \Device\Ip     pwipf6.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp    pwipf6.sys
Device          sfsz.sys
AttachedDevice  \Driver\Tcpip \Device\Udp    pwipf6.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  pwipf6.sys
Device          mrxsmb.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\PWIPF6MP\0000
Reg  HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\PWIPF6MP\0001
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@Type  16
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@ImagePath  C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@DisplayName  Privacyware network service
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@Group  TDI
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@DependOnService  RpcSs?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@DependOnGroup
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@ObjectName  LocalSystem
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet\Security
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet\Security@Security  0x01 0x00 0x14 0x80 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@Start  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@Tag  8
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@ImagePath  system32\DRIVERS\pwipf6.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@DisplayName  Privacyware Filter Driver
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@Group  PNP_TDI
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@DependOnService  Tcpip?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@DependOnGroup
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@Build  2600
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6\Parameters\Adapters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6\Parameters\Adapters\NdisWanIp
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6\Parameters\Adapters\NdisWanIp@UpperBindings  \Device\{6CA6219C-C250-4062-98E2-B96768539B6A}
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6\Parameters\Adapters\{59B41330-CD71-461A-B741-22A7889BDFBC}
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6\Parameters\Adapters\{59B41330-CD71-461A-B741-22A7889BDFBC}@UpperBindings  \Device\{E430456A-5982-4D55-B0E9-9963E460D48D}
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6\Security
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6\Security@Security  0x01 0x00 0x14 0x80 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6
Reg  HKLM\SYSTEM\ControlSet003\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\PWIPF6MP\0000 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\PWIPF6MP\0001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet@Type  16
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet@Start  2
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet@ErrorControl  1
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet@ImagePath  C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet@DisplayName  Privacyware network service
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet@Group  TDI
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet@DependOnService  RpcSs?
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet@DependOnGroup
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet@ObjectName  LocalSystem
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet\Security (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\PFNet\Security@Security  0x01 0x00 0x14 0x80 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@Type  1
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@Start  3
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@ErrorControl  1
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@Tag  8
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@ImagePath  system32\DRIVERS\pwipf6.sys
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@DisplayName  Privacyware Filter Driver
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@Group  PNP_TDI
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@DependOnService  Tcpip?
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@DependOnGroup
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@Build  2600
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6\Parameters (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6\Parameters\Adapters (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6\Parameters\Adapters\NdisWanIp (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6\Parameters\Adapters\NdisWanIp@UpperBindings  \Device\{6CA6219C-C250-4062-98E2-B96768539B6A}
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6\Parameters\Adapters\{59B41330-CD71-461A-B741-22A7889BDFBC} (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6\Parameters\Adapters\{59B41330-CD71-461A-B741-22A7889BDFBC}@UpperBindings  \Device\{E430456A-5982-4D55-B0E9-9963E460D48D}
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6\Security (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6\Security@Security  0x01 0x00 0x14 0x80 ...

---- EOF - GMER 2.1 ----
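The triage question for a log like this is whether the module behind the SSDT hooks and the TDI AttachedDevice entries can be tied to a visible, registered service. Here every hook and every attachment belongs to pwipf6.sys, and the Registry section ties that image to the `pwipf6` service ("Privacyware Filter Driver") alongside `PFNet` (Privatefirewall 7.0), which is what a host firewall/HIPS looks like rather than a hiding rootkit. The Python script below is an added example, not part of the GMER log or of GMER itself: it parses the three GMER sections and performs that correlation. The embedded sample is excerpted from the scan above, plus one constructed line for a hypothetical `hypo.sys` (not from this scan) to exercise the unattributed branch; `HIDING_TARGETS` is my own list of the SSDT entries most often hooked to hide files, processes or keys, not anything GMER reports.

```python
import re
from collections import defaultdict

# Line shapes as GMER 2.1 prints them (two-space separated columns).
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)$")
# Only direct values of a service key (Services\<name>@<value>), not subkeys.
REG_VALUE_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(\w+)\\Services\\([^\\@\s]+)@(\w+)\s*(.*)$")

# Assumption (my list, not GMER's): SSDT entries classically hooked to hide objects.
HIDING_TARGETS = {"ZwQueryDirectoryFile", "ZwQuerySystemInformation",
                  "ZwEnumerateKey", "ZwEnumerateValueKey"}


def basename(path):
    """Last component of a Windows path, lower-cased, so images match across \\SystemRoot and system32 spellings."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    hooks = defaultdict(set)      # module basename -> hooked Zw* names
    attached = defaultdict(set)   # module basename -> devices it is attached to
    services = defaultdict(dict)  # (control set, service name) -> {value name: data}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section == "System" and (m := SSDT_RE.match(line)):
            hooks[basename(m.group(1))].add(m.group(2))
        elif section == "Devices" and (m := ATTACHED_RE.match(line)):
            attached[m.group(3).lower()].add(m.group(2))
        elif section == "Registry" and (m := REG_VALUE_RE.match(line)):
            services[(m.group(1), m.group(2))][m.group(3)] = m.group(4)
    return hooks, attached, services


def attribute(hooks, attached, services):
    """Map each hooking/attaching module to the active-ControlSet service whose ImagePath names it."""
    by_image = {}
    for (control_set, svc), values in services.items():
        if control_set != "CurrentControlSet":   # inactive ControlSets do not explain what is loaded now
            continue
        if "ImagePath" in values:
            by_image[basename(values["ImagePath"])] = (svc, values.get("DisplayName", ""))
    report = {}
    for mod in sorted(set(hooks) | set(attached)):
        svc, display = by_image.get(mod, (None, ""))
        report[mod] = {
            "service": svc,
            "display_name": display,
            "registered": svc is not None,
            "ssdt_hooks": sorted(hooks[mod]),
            "attached_to": sorted(attached[mod]),
            "hiding_hooks": sorted(hooks[mod] & HIDING_TARGETS),
        }
    return report


def triage(text):
    return attribute(*parse_gmer(text))


# Sample: lines excerpted from the scan above, plus one constructed hypo.sys line (not from the scan).
SAMPLE = r"""
GMER 2.1.19355 - http://www.gmer.net
---- System - GMER 2.1 ----
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateProcessEx [0xB91F5AE0]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwOpenProcess [0xB91F3C40]
SSDT  \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwTerminateProcess [0xB91F3640]
SSDT  \??\C:\WINDOWS\system32\drivers\hypo.sys  ZwQueryDirectoryFile [0xB9200000]
---- Devices - GMER 2.1 ----
AttachedDevice  \Driver\Tcpip \Device\Tcp  pwipf6.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  pwipf6.sys
---- Registry - GMER 2.1 ----
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@ImagePath  C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
Reg  HKLM\SYSTEM\CurrentControlSet\Services\PFNet@DisplayName  Privacyware network service
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@ImagePath  system32\DRIVERS\pwipf6.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\pwipf6@DisplayName  Privacyware Filter Driver
Reg  HKLM\SYSTEM\ControlSet003\Services\pwipf6@ImagePath  system32\DRIVERS\pwipf6.sys
"""

if __name__ == "__main__":
    for mod, info in triage(SAMPLE).items():
        verdict = "registered service %r (%s)" % (info["service"], info["display_name"]) \
            if info["registered"] else "NO active-ControlSet service owns this image"
        print("%s: %d SSDT hooks, attached to %s; %s" % (
            mod, len(info["ssdt_hooks"]), info["attached_to"] or "nothing", verdict))
        if info["hiding_hooks"]:
            print("  hooks classic hiding targets: %s" % ", ".join(info["hiding_hooks"]))
```

Run it on a full GMER log by passing the file contents to `triage()`; a module that hooks the SSDT or sits on \Driver\Tcpip without any active-ControlSet ImagePath naming it is the case that deserves a second look, and hooks on the hiding targets raise the priority further. The hooks in this scan are of the enforcement kind (process, thread, file, key and LPC port creation and access), which is consistent with the firewall service the registry names.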