GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-19 20:29:45
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 ST3250310AS rev.3.AAC
Running: js8h7p48.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\awnyqfoc.sys

---- System - GMER 1.0.15 ----

SSDT B86E157C ZwClose
SSDT B86E1536 ZwCreateKey
SSDT B86E1586 ZwCreateSection
SSDT B86E152C ZwCreateThread
SSDT B86E153B ZwDeleteKey
SSDT B86E1545 ZwDeleteValueKey
SSDT B86E1577 ZwDuplicateObject
SSDT B86E154A ZwLoadKey
SSDT B86E1518 ZwOpenProcess
SSDT B86E151D ZwOpenThread
SSDT B86E1554 ZwReplaceKey
SSDT B86E154F ZwRestoreKey
SSDT B86E158B ZwSetContextThread
SSDT B86E1540 ZwSetValueKey
SSDT B86E1527 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB74643A0, 0x5CC259, 0xE8000020]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0xDE 0xC2 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0xDE 0xC2 0x44 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes

---- EOF - GMER 1.0.15 ----