GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-11 20:54:46
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1200BEVS-60UST0 rev.01.01A01
Running: 7cl9nv97.exe; Driver: C:\DOCUME~1\Maciek\USTAWI~1\Temp\pxtdypob.sys

---- System - GMER 1.0.15 ----

SSDT 88B9BC90 ZwAssignProcessToJobObject
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA91887E]
SSDT 88B9C200 ZwDebugActiveProcess
SSDT 88B9C2F0 ZwDuplicateObject
SSDT 88B9B590 ZwOpenProcess
SSDT 88B9B800 ZwOpenThread
SSDT 88B9BFD0 ZwProtectVirtualMemory
SSDT 88B9C0E0 ZwQueueApcThread
SSDT 88B9BEC0 ZwSetContextThread
SSDT 88B9BD90 ZwSetInformationThread
SSDT 88B98DA0 ZwSetSecurityObject
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918BFE]
SSDT 88B9BB90 ZwSuspendProcess
SSDT 88B9BA80 ZwSuspendThread
SSDT 88B9B6E0 ZwTerminateProcess
SSDT 88B9BA50 ZwTerminateThread
SSDT 88B9C6D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB960B360, 0x305AC7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1808] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [708] 0x03F50000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xED 0x70 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xED 0x70 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xED 0x70 0xE8 ...

---- EOF - GMER 1.0.15 ----