GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-25 20:02:21
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC2O
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\fxlyykog.sys


---- System - GMER 1.0.15 ----

SSDT            88EDFA78                                                                                                  ZwAlertResumeThread
SSDT            88EE1A78                                                                                                  ZwAlertThread
SSDT            8925D580                                                                                                  ZwAllocateVirtualMemory
SSDT            8921C0B0                                                                                                  ZwConnectPort
SSDT            8924ECE8                                                                                                  ZwCreateMutant
SSDT            88E9EAE0                                                                                                  ZwCreateThread
SSDT            88E8BB70                                                                                                  ZwFreeVirtualMemory
SSDT            88E9CB00                                                                                                  ZwImpersonateAnonymousToken
SSDT            88E9DB00                                                                                                  ZwImpersonateThread
SSDT            88E8BAD0                                                                                                  ZwMapViewOfSection
SSDT            88EDBAE8                                                                                                  ZwOpenEvent
SSDT            891EBB78                                                                                                  ZwOpenProcessToken
SSDT            89254CF0                                                                                                  ZwOpenThreadToken
SSDT            891E0728                                                                                                  ZwResumeThread
SSDT            8921A170                                                                                                  ZwSetContextThread
SSDT            8922F4B8                                                                                                  ZwSetInformationProcess
SSDT            8925F540                                                                                                  ZwSetInformationThread
SSDT            8925D4C0                                                                                                  ZwSuspendProcess
SSDT            88EF1A78                                                                                                  ZwSuspendThread
SSDT            88EBFB38                                                                                                  ZwTerminateProcess
SSDT            89D4D418                                                                                                  ZwTerminateThread
SSDT            891EC2D0                                                                                                  ZwUnmapViewOfSection
SSDT            88E74B40                                                                                                  ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2C90                                                                      8050452C 4 Bytes  [E8, EC, 24, 89]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2CB8                                                                      80504554 4 Bytes  [E0, EA, E9, 88]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2DAC                                                                      80504648 4 Bytes  CALL FED93407 
?               ltheqf.sys                                                                                                Nie można odnaleźć określonego pliku. !
.INIT           C:\WINDOWS\system32\DRIVERS\netbt.sys                                                                     entry point in ".INIT" section [0xA9630722]
?               system32\drivers\89746738.sys                                                                             System nie może odnaleźć określonej ścieżki. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                   SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                 SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                 SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                               SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\87546960 \Device\KLMD16012012_207010                                                              89746738.sys

---- Threads - GMER 1.0.15 ----

Thread          System [4:1048]                                                                                           81FFD540
Thread          System [4:1052]                                                                                           81FFD540

---- Processes - GMER 1.0.15 ----

Library         c:\windows\system32\lvrs.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1644]                   0x01910000                                                 

---- Files - GMER 1.0.15 ----

File            C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera\Opera\vps\0005\adoc.bx-g  8 bytes
File            C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera\Opera\vps\0005\url.axx-g  8 bytes
File            C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera\Opera\vps\0005\w.axx-g    8 bytes
File            C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera\Opera\vps\0006\adoc.bx-g  8 bytes
File            C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera\Opera\vps\0006\url.axx-g  8 bytes
File            C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera\Opera\vps\0006\w.axx-g    8 bytes
File            C:\TDSSKiller.2.7.14.0_25.02.2012_19.13.02_log.txt                                                        62056 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\10668317                                                                  0 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380                                                                 0 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\@                                                               2048 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\L                                                               0 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\L\uuzerwmc                                                      162816 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\loader.tlb                                                      2632 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\U                                                               0 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\U\@00000001                                                     45968 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\U\@000000c0                                                     2560 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\U\@000000cb                                                     3072 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\U\@000000cf                                                     1536 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\U\@80000000                                                     73216 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\U\@800000c0                                                     43520 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\U\@800000cb                                                     25600 bytes
File            C:\WINDOWS\$NtUninstallKB15275$\675343380\U\@800000cf                                                     31232 bytes
File            C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll     0 bytes

---- EOF - GMER 1.0.15 ----
