GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-27 16:29:56
Windows 5.1.2600 Service Pack 3
Running: orp0ps91.exe; Driver: C:\DOCUME~1\Andrzej\USTAWI~1\Temp\pwdiqkob.sys


---- System - GMER 1.0.15 ----

SSDT  88C13580  ZwAssignProcessToJobObject
SSDT  88C14100  ZwDebugActiveProcess
SSDT  88C13B30  ZwDuplicateObject
SSDT  88C12CC0  ZwOpenProcess
SSDT  88C12FC0  ZwOpenThread
SSDT  88C139C0  ZwProtectVirtualMemory
SSDT  88C13860  ZwSetContextThread
SSDT  88C136E0  ZwSetInformationThread
SSDT  88C10700  ZwSetSecurityObject
SSDT  88C13420  ZwSuspendProcess
SSDT  88C132C0  ZwSuspendThread
SSDT  88C12E50  ZwTerminateProcess
SSDT  88C13150  ZwTerminateThread
SSDT  88C13F50  ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\windows\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB8CC5360, 0x2FE337, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[988] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Ip  epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Udp  epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\RawIp  epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \FileSystem\Fastfat \Fat  eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{279E9215-FBD1-9E40-BED9-BBE860EADB98}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{279E9215-FBD1-9E40-BED9-BBE860EADB98}@hajjdghiompcciml  0x6B 0x61 0x70 0x6C ...

---- EOF - GMER 1.0.15 ----
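The report above is a raw GMER 1.0.15 text dump, and reading it by hand means splitting it into its sections and checking a few things per section. The helper below is an added example (not GMER's code and not part of the posted report) that parses the section-delimited format and performs those checks: it collects the SSDT hooks and the address range they occupy (hooks packed into one small range usually originate from a single driver's allocation, which is a triage hint, not a verdict), lists the code sections GMER flagged, decodes the user-mode inline patch bytes (the x86 opcode C2 imm16 is `ret imm16`), groups attached filter drivers by device, and turns the hex-dumped registry data into ASCII. The embedded sample is constructed from lines of this report, trimmed to one device line per filter driver; the registry data is truncated with "..." in the report and is kept that way.

```python
# Added triage helper for GMER 1.0.15 text reports (example code, not GMER's own
# and not from the posted report). Parses "---- Name - GMER x.y ----" sections
# and runs the checks an analyst otherwise does by eye.
import re

# Constructed sample: lines copied from the report above, trimmed to one
# representative AttachedDevice line per filter driver.
SAMPLE_LOG = r"""
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-27 16:29:56
---- System - GMER 1.0.15 ----
SSDT  88C13580  ZwAssignProcessToJobObject
SSDT  88C14100  ZwDebugActiveProcess
SSDT  88C13B30  ZwDuplicateObject
SSDT  88C12CC0  ZwOpenProcess
SSDT  88C12FC0  ZwOpenThread
SSDT  88C139C0  ZwProtectVirtualMemory
SSDT  88C13860  ZwSetContextThread
SSDT  88C136E0  ZwSetInformationThread
SSDT  88C10700  ZwSetSecurityObject
SSDT  88C13420  ZwSuspendProcess
SSDT  88C132C0  ZwSuspendThread
SSDT  88C12E50  ZwTerminateProcess
SSDT  88C13150  ZwTerminateThread
SSDT  88C13F50  ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text  C:\windows\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB8CC5360, 0x2FE337, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[988] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 4 Bytes  [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
---- Registry - GMER 1.0.15 ----
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{279E9215-FBD1-9E40-BED9-BBE860EADB98}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{279E9215-FBD1-9E40-BED9-BBE860EADB98}@hajjdghiompcciml  0x6B 0x61 0x70 0x6C ...
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
PATCH_RE = re.compile(r"^\.text\s+(.+?)\s+(\S+!\S+)\s+([0-9A-Fa-f]{8})\s+(\d+) Bytes\s+\[([^\]]+)\]")
HEX_RE = re.compile(r"0x([0-9A-Fa-f]{2})")


def parse_sections(text):
    """{section name: [non-empty lines]}; lines before the first header go to 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def ssdt_hooks(sections):
    """[(service name, hook address)] for every 'SSDT <addr> <Zw...>' line."""
    return [(p[2], int(p[1], 16)) for p in (l.split() for l in sections.get("System", []))
            if len(p) == 3 and p[0] == "SSDT"]


def hook_span(hooks):
    """(lowest, highest, highest - lowest). A tight span suggests one driver owns all hooks."""
    addrs = [a for _, a in hooks]
    return (min(addrs), max(addrs), max(addrs) - min(addrs)) if addrs else None


def flagged_code_sections(sections):
    """Kernel sections GMER reports as writeable or otherwise abnormal."""
    return [l for l in sections.get("Kernel code sections", []) if "section is" in l]


def inline_patches(sections):
    """Decode user-mode inline patches; C2 imm16 / C3 mean the function now just returns."""
    out = []
    for m in filter(None, map(PATCH_RE.match, sections.get("User code sections", []))):
        data = bytes(int(b, 16) for b in m.group(5).split(","))
        if data[:1] == b"\xc2":
            effect = "ret %d" % int.from_bytes(data[1:3], "little")
        elif data[:1] == b"\xc3":
            effect = "ret"
        else:
            effect = "other"
        out.append({"module": m.group(1), "symbol": m.group(2), "bytes": data, "effect": effect})
    return out


def attached_filters(sections):
    """{driver file: [device paths it is attached to]} from AttachedDevice lines."""
    out = {}
    for p in (l.split(None, 4) for l in sections.get("Devices", [])):
        if len(p) >= 4 and p[0] == "AttachedDevice":
            out.setdefault(p[3], []).append(p[2])
    return out


def registry_hex_values(sections):
    """Registry values whose data GMER dumped as hex bytes, with the visible bytes decoded."""
    out = []
    for line in sections.get("Registry", []):
        if not line.startswith("Reg") or "@" not in line:
            continue
        key, _, rest = line.partition("@")
        data = bytes(int(h, 16) for h in HEX_RE.findall(rest))
        out.append({"key": key.split(None, 1)[1], "value": rest.split()[0], "bytes": data,
                    "ascii": data.decode("ascii", "replace"),
                    "truncated": rest.rstrip().endswith("...")})  # GMER cut the dump short
    return out


if __name__ == "__main__":
    s = parse_sections(SAMPLE_LOG)
    print("SSDT hooks:", len(ssdt_hooks(s)), "span:", [hex(x) for x in hook_span(ssdt_hooks(s))])
    print("flagged sections:", flagged_code_sections(s))
    print("inline patches:", inline_patches(s))
    print("filters:", attached_filters(s))
    print("registry:", registry_hex_values(s))
```

Run against the report, the 14 hooks land within a 0x3A00-byte range around 0x88C1xxxx, the ekrn.exe patch decodes to `ret 4`, and the only hex-dumped registry value decodes to `kapl` with the remainder cut off by GMER. None of that identifies what wrote the registry value; the decoded bytes are only what is visible in the report.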