GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-03 09:20:02
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c ST340810A rev.3.39
Running: eh4p3x32.exe; Driver: C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\afxdrpog.sys

---- System - GMER 1.0.15 ----

SSDT 82E17C90 ZwAssignProcessToJobObject
SSDT 82E18200 ZwDebugActiveProcess
SSDT 82E182F0 ZwDuplicateObject
SSDT 82E17590 ZwOpenProcess
SSDT 82E17800 ZwOpenThread
SSDT 82E17FD0 ZwProtectVirtualMemory
SSDT 82E180E0 ZwQueueApcThread
SSDT 82E17EC0 ZwSetContextThread
SSDT 82E17D90 ZwSetInformationThread
SSDT 82E14DA0 ZwSetSecurityObject
SSDT 82E17B90 ZwSuspendProcess
SSDT 82E17A80 ZwSuspendThread
SSDT 82E176E0 ZwTerminateProcess
SSDT 82E17A50 ZwTerminateThread
SSDT 82E186D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6BAC360, 0x2456AE, 0xE8000020]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[692] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61
Disk \Device\Harddisk0\DR0 PE file @ sector 78140160

---- EOF - GMER 1.0.15 ----