GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-13 10:43:39
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 ST3250410AS rev.3.AAF
Running: n2bz8lju.exe; Driver: C:\DOCUME~1\crowli\USTAWI~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT 89BD3C90 ZwAssignProcessToJobObject
SSDT 89BD4200 ZwDebugActiveProcess
SSDT 89BD42F0 ZwDuplicateObject
SSDT 89BD3590 ZwOpenProcess
SSDT 89BD3800 ZwOpenThread
SSDT 89BD3FD0 ZwProtectVirtualMemory
SSDT 89BD40E0 ZwQueueApcThread
SSDT 89BD3EC0 ZwSetContextThread
SSDT 89BD3D90 ZwSetInformationThread
SSDT 89BD0DA0 ZwSetSecurityObject
SSDT 89BD3B90 ZwSuspendProcess
SSDT 89BD3A80 ZwSuspendThread
SSDT 89BD36E0 ZwTerminateProcess
SSDT 89BD3A50 ZwTerminateThread
SSDT 89BD46D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6AEC380, 0x8D6CD5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1784] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012A2EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2576] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2576] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB16776$\2362417513 0 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563 0 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\bckfg.tmp 847 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\cfg.ini 227 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\L 0 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\L\flbbsmad 58880 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\U 0 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB16776$\392910563\U\80000032.@ 96256 bytes

---- EOF - GMER 1.0.15 ----