GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-26 12:46:31
Windows 5.1.2600 Dodatek Service Pack 2
Running: 01nhnupn.exe; Driver: C:\DOCUME~1\RAREPA~1\USTAWI~1\Temp\pfldapog.sys

---- System - GMER 1.0.15 ----

SSDT 848F3BC0 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764C87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF764CBFE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xED2CE620]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ctmmfilt.sys entry point in "init" section [0xF65BE400]
? C:\WINDOWS\system32\drivers\rhklm.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\SMINST\Scheduler.exe[3800] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 0041C110 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3800] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 0041C180 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3800] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 0041C000 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3800] USER32.dll!GetScrollInfo 7E370DA2 7 Bytes JMP 0041BF50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3800] USER32.dll!ShowScrollBar 7E37F2B3 5 Bytes JMP 0041C0D0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3800] USER32.dll!GetScrollPos 7E37F6C4 5 Bytes JMP 0041BF90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3800] USER32.dll!SetScrollPos 7E37F710 5 Bytes JMP 0041C040 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3800] USER32.dll!GetScrollRange 7E37F747 5 Bytes JMP 0041BFC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3800] USER32.dll!SetScrollRange 7E37F95B 5 Bytes JMP 0041C080 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3800] USER32.dll!EnableScrollBar 7E3B7DDD 7 Bytes JMP 0041BF10 C:\WINDOWS\SMINST\Scheduler.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\_restore{508D91E4-A727-4CE2-8746-7D427BA26FEB}\RP698\A0115046.exe 6006992 bytes executable

---- EOF - GMER 1.0.15 ----