
Can't run Malwarebytes


gustoii

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit quick scan 2010-09-20 16:06:22

Windows 5.1.2600 Service Pack 3

Running: vqc4w2zy.exe; Driver: C:\DOCUME~1\wrb\LOCALS~1\Temp\kwldipob.sys

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF86857B8]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF8685676]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF8685610]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF8685624]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF868568A]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF86856B6]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF8685724]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF868570E]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF868573A]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF86857F8]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF8685766]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF8685662]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF86855D4]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF86855E8]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF86857CC]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF86857A2]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF86856F8]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF86856E2]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF86856A0]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF868578E]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF868577A]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF868564E]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF868563A]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF86856CC]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF8685827]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF8685750]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF868580E]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF86857E2]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 82E93EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Attach.zip

DDS.zip
