GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-05 12:26:17
Windows 5.1.2600 Dodatek Service Pack 2
---- System - GMER 1.0.10 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{2CE132FE-DF76-4707-8C4E-43343915483C}
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{2CE132FE-DF76-4707-8C4E-43343915483C}
File D:\System Volume Information\_restore{57496C88-CE7E-4017-9889-850B090DF057}
File D:\System Volume Information\_restore{57496C88-CE7E-4017-9889-850B090DF057}(2)
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File E:\System Volume Information\_restore{2CE132FE-DF76-4707-8C4E-43343915483C}
File E:\System Volume Information\_restore{57496C88-CE7E-4017-9889-850B090DF057}
---- EOF - GMER 1.0.10 ----