GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 00:24:24
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 SAMSUNG_SP1644N rev.BV100-45
Running: st9zrqt3.exe; Driver: C:\DOCUME~1\Karol1\Ustawienia lokalne\Temp\pxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwAssignProcessToJobObject [0xA7A74610]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwDebugActiveProcess [0xA7A74C10]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwDuplicateObject [0xA7A74730]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwOpenProcess [0xA7A744B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwOpenThread [0xA7A74570]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwProtectVirtualMemory [0xA7A746D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwQueueApcThread [0xA7A74790]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwSetContextThread [0xA7A74690]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwSetInformationThread [0xA7A74650]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwSetSecurityObject [0xA7A747D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwSuspendProcess [0xA7A74510]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwSuspendThread [0xA7A74590]
SSDT  \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xA78A7640]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwTerminateThread [0xA7A745D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)  ZwWriteVirtualMemory [0xA7A74750]

---- Kernel code sections - GMER 1.0.15 ----

?  Combo-Fix.sys  Nie można odnaleźć określonego pliku.  !
?  C:\ComboFix\catchme.sys  System nie może odnaleźć określonej ścieżki.  !
?  C:\WINDOWS\system32\Drivers\PROCEXP113.SYS  Nie można odnaleźć określonego pliku.  !

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1160] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 4 Bytes  [C2, 04, 00, 00]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2628] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 01229720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2628] kernel32.dll!VirtualAlloc  7C809AF1 5 Bytes  JMP 0145E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2628] kernel32.dll!MapViewOfFile  7C80B9A5 5 Bytes  JMP 0145E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2628] GDI32.dll!CreateDIBSection  77F19E19 5 Bytes  JMP 0145E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[2848] USER32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 1044FE0A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[2848] USER32.dll!TrackPopupMenu  7E3B531E 5 Bytes  JMP 104503C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

---- EOF - GMER 1.0.15 ----