GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-05 20:41:01
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1200BEVS-60UST0 rev.01.01A01
Running: 9d0ql2xr.exe; Driver: C:\DOCUME~1\Maciek\USTAWI~1\Temp\pxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT            8842AC90                                        ZwAssignProcessToJobObject
SSDT            Lbd.sys (Boot Driver/Lavasoft AB)               ZwCreateKey [0xBA91887E]
SSDT            8842B200                                        ZwDebugActiveProcess
SSDT            8842B2F0                                        ZwDuplicateObject
SSDT            8842A590                                        ZwOpenProcess
SSDT            8842A800                                        ZwOpenThread
SSDT            8842AFD0                                        ZwProtectVirtualMemory
SSDT            8842B0E0                                        ZwQueueApcThread
SSDT            8842AEC0                                        ZwSetContextThread
SSDT            8842AD90                                        ZwSetInformationThread
SSDT            88427DA0                                        ZwSetSecurityObject
SSDT            Lbd.sys (Boot Driver/Lavasoft AB)               ZwSetValueKey [0xBA918BFE]
SSDT            8842AB90                                        ZwSuspendProcess
SSDT            8842AA80                                        ZwSuspendThread
SSDT            8842A6E0                                        ZwTerminateProcess
SSDT            8842AA50                                        ZwTerminateThread
SSDT            8842B6D0                                        ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                    section is writeable [0xB9BE3360, 0x305AC7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\ESET\ESET Smart Security\ekrn.exe[984] kernel32.dll!SetUnhandledExceptionFilter    7C810386 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                      eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                    epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                   epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                   epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                 epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0           0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh        0x55 0xED 0x70 0xE8 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0               0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh            0x55 0xED 0x70 0xE8 ...

---- EOF - GMER 1.0.15 ----
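Triage of this log, as an added example that is not part of the original post and not GMER's own code: a Python parser over the SSDT, code-section and AttachedDevice lines above, separating hooks GMER could attribute to a named driver from those that resolve only to a raw kernel address, and listing the items a responder still has to resolve. The sample input is copied from the log on this page (GMER's tab alignment collapsed to spaces); the grouping heuristic in `hook_class` and the wording of `follow_up` are the example's own, not GMER output.

```python
import re
from collections import defaultdict

# Entries copied from the GMER log above (not constructed data). GMER's real
# output is tab-aligned; the parser only relies on whitespace between columns.
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----
SSDT  8842AC90  ZwAssignProcessToJobObject
SSDT  Lbd.sys (Boot Driver/Lavasoft AB)  ZwCreateKey [0xBA91887E]
SSDT  8842B200  ZwDebugActiveProcess
SSDT  8842B2F0  ZwDuplicateObject
SSDT  8842A590  ZwOpenProcess
SSDT  8842A800  ZwOpenThread
SSDT  8842AFD0  ZwProtectVirtualMemory
SSDT  8842B0E0  ZwQueueApcThread
SSDT  8842AEC0  ZwSetContextThread
SSDT  8842AD90  ZwSetInformationThread
SSDT  88427DA0  ZwSetSecurityObject
SSDT  Lbd.sys (Boot Driver/Lavasoft AB)  ZwSetValueKey [0xBA918BFE]
SSDT  8842AB90  ZwSuspendProcess
SSDT  8842AA80  ZwSuspendThread
SSDT  8842A6E0  ZwTerminateProcess
SSDT  8842AA50  ZwTerminateThread
SSDT  8842B6D0  ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB9BE3360, 0x305AC7, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[984] kernel32.dll!SetUnhandledExceptionFilter  7C810386 4 Bytes  [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Ip  epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Udp  epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\RawIp  epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
"""

# One regex per GMER line type. 'target' is either a module name with a
# description in parentheses (GMER resolved the hook) or a bare 8-digit address.
SSDT_RE = re.compile(r"^SSDT\s+(?P<target>.+?)\s+(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$")
MODULE_RE = re.compile(r"^(?P<module>\S+\.sys)\s+\((?P<desc>[^)]*)\)$")
RAW_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
WRITEABLE_RE = re.compile(r"^\.text\s+(?P<path>.+?)\s+section is writeable\s+\[(?P<detail>[^\]]+)\]\s*$")
INLINE_RE = re.compile(r"^\.text\s+(?P<where>.+?)\s+(?P<va>[0-9A-Fa-f]{8})\s+(?P<n>\d+) Bytes\s+\[(?P<bytes>[^\]]+)\]\s*$")
DEVICE_RE = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+\.sys)\s+\((?P<desc>[^)]*)\)\s*$")


def hook_class(func):
    """Coarse grouping (this example's own heuristic) by what the hook mediates."""
    if re.search(r"Key|Value", func):
        return "registry"
    if re.search(r"Process|Thread|VirtualMemory|Apc|Object", func):
        return "process-control"
    return "other"


def triage(log_text):
    """Parse a GMER log into attributed/unattributed hooks, patched sections and filters."""
    report = {
        "ssdt_total": 0,
        "ssdt_attributed": defaultdict(list),  # module -> [hooked service, ...]
        "ssdt_unattributed": [],               # (address, service, class)
        "writeable_sections": [],              # (path, detail)
        "inline_hooks": [],                    # (location, address, bytes)
        "filters": defaultdict(list),          # filter driver -> [device, ...]
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            report["ssdt_total"] += 1
            if mod := MODULE_RE.match(m["target"]):
                report["ssdt_attributed"][mod["module"]].append(m["func"])
            elif RAW_ADDR_RE.match(m["target"]):
                report["ssdt_unattributed"].append((m["target"], m["func"], hook_class(m["func"])))
            else:
                report["ssdt_unattributed"].append((m["target"], m["func"], "unparsed"))
        elif m := WRITEABLE_RE.match(line):
            report["writeable_sections"].append((m["path"], m["detail"]))
        elif m := INLINE_RE.match(line):
            report["inline_hooks"].append((m["where"], m["va"], m["bytes"]))
        elif m := DEVICE_RE.match(line):
            report["filters"][m["module"]].append(m["device"])
    return report


def follow_up(report):
    """Findings a responder must resolve before calling the host clean or infected."""
    items = []
    if report["ssdt_unattributed"]:
        classes = sorted({c for _, _, c in report["ssdt_unattributed"]})
        items.append(f"{len(report['ssdt_unattributed'])} SSDT hooks point at raw kernel addresses "
                     f"with no owning module ({', '.join(classes)}); identify the allocator")
    for path, detail in report["writeable_sections"]:
        items.append(f"kernel .text of {path} is writeable [{detail}]")
    for where, va, patch in report["inline_hooks"]:
        items.append(f"user-mode patch at {va} in {where}: [{patch}]")
    return items


if __name__ == "__main__":
    for item in follow_up(triage(SAMPLE_LOG)):
        print("-", item)
```

On this log every unattributed hook falls into the process/thread-control group (open, terminate, suspend, write memory, set context, queue APC), which is consistent with a security product's self-protection, while the two hooks GMER did resolve belong to Lavasoft's Lbd.sys and sit on registry writes. The log alone does not say which driver owns the 0x8842xxxx pool addresses; that needs a kernel debugger (`!pool` on one of the addresses, or a walk of loaded-module ranges) before the self-protection reading is more than a guess. The `[C2, 04, 00, 00]` patch on `SetUnhandledExceptionFilter` in ekrn.exe is a `ret 4`, i.e. the function is stubbed to return immediately, and the writeable nv4_mini.sys .text section is the other item the script surfaces; both are attributed to software that is visibly installed on this box, but they are exactly the kind of finding the parser exists to put in front of a human.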