GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-29 09:49:11
Windows 5.1.2600 Dodatek Service Pack 2
Running: 01nhnupn.exe; Driver: C:\DOCUME~1\RAREPA~1\USTAWI~1\Temp\pfldapog.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764C87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF764CBFE]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ctmmfilt.sys entry point in "init" section [0xF675C400]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\SMINST\Scheduler.exe[2744] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 0041C110 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2744] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 0041C180 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2744] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 0041C000 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2744] USER32.dll!GetScrollInfo 7E370DA2 7 Bytes JMP 0041BF50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2744] USER32.dll!ShowScrollBar 7E37F2B3 5 Bytes JMP 0041C0D0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2744] USER32.dll!GetScrollPos 7E37F6C4 5 Bytes JMP 0041BF90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2744] USER32.dll!SetScrollPos 7E37F710 5 Bytes JMP 0041C040 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2744] USER32.dll!GetScrollRange 7E37F747 5 Bytes JMP 0041BFC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2744] USER32.dll!SetScrollRange 7E37F95B 5 Bytes JMP 0041C080 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2744] USER32.dll!EnableScrollBar 7E3B7DDD 7 Bytes JMP 0041BF10 C:\WINDOWS\SMINST\Scheduler.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----