GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-25 22:51:08
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD3200AAKS-00B3A0 rev.01.03A01
Running: 6k995e8j.exe; Driver: C:\DOCUME~1\Ja\USTAWI~1\Temp\pxtdypog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk  \Device\Harddisk0\DR0  sector 00: rootkit-like behavior
Disk  \Device\Harddisk0\DR0  malicious Win32:MBRoot code @ sector 625121283
Disk  \Device\Harddisk0\DR0  PE file @ sector 625121305
Disk  \Device\Harddisk0\DR0  MBRoot/Sinowal@MBR code has been found <-- ROOTKIT !!!

---- System - GMER 1.0.15 ----

SSDT  spze.sys  ZwEnumerateKey [0xB9ECDDA4]
SSDT  spze.sys  ZwEnumerateValueKey [0xB9ECE132]

---- Devices - GMER 1.0.15 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdePort0  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdePort1  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdePort2  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdePort3  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdePort4  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdePort5  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\a61j9x03 \Device\Scsi\a61j9x031  89B91500
Device  \Driver\a61j9x03 \Device\Scsi\a61j9x031Port6Path0Target0Lun0  89B91500
Device  \Driver\a61j9x03 \Device\Scsi\a61j9x031Port6Path0Target1Lun0  89B91500
Device  \FileSystem\Ntfs \Ntfs  89DDF1F8
AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----
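The log above is easier to triage by machine than by eye once it has been pasted flat. The parser and ranking below are an added example, not part of the posted log and not GMER's own code: GMER publishes no schema for its output, so the line patterns are inferred from the lines in this log and may not cover every GMER section, and the severity rules are this example's own heuristics. The sample input is constructed from a subset of the lines above.

```python
"""Parse a GMER rootkit-scan log and rank its findings (added example, not GMER code)."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a subset of the posted log, kept verbatim line by line.
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-25 22:51:08

---- Disk sectors - GMER 1.0.15 ----

Disk  \Device\Harddisk0\DR0  sector 00: rootkit-like behavior
Disk  \Device\Harddisk0\DR0  malicious Win32:MBRoot code @ sector 625121283
Disk  \Device\Harddisk0\DR0  PE file @ sector 625121305
Disk  \Device\Harddisk0\DR0  MBRoot/Sinowal@MBR code has been found <-- ROOTKIT !!!

---- System - GMER 1.0.15 ----

SSDT  spze.sys  ZwEnumerateKey [0xB9ECDDA4]
SSDT  spze.sys  ZwEnumerateValueKey [0xB9ECE132]

---- Devices - GMER 1.0.15 ----

Device  \Driver\atapi \Device\Ide\IdePort0  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\a61j9x03 \Device\Scsi\a61j9x031  89B91500
Device  \FileSystem\Ntfs \Ntfs  89DDF1F8
AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----
"""

# Line patterns inferred from the log above (assumption: GMER documents no format).
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
DISK_RE = re.compile(r"^Disk\s+(\S+)\s+(.+)$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
HOOK_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+\[([0-9A-Fa-f]+)\]\s+(\S+?)\[([^\]]*)\](?:\s+\{(.*)\})?$")
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+([0-9A-Fa-f]+)$")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)\s+\((.*)\)$")


@dataclass
class DeviceHook:
    driver: str
    device: str
    address: int                    # dispatch address GMER found for this device object
    module: Optional[str] = None    # image GMER resolved the address to, when it did
    section: Optional[str] = None   # "unknown section": not inside any named PE section
    stub: Optional[str] = None      # disassembly of the first bytes at that address


@dataclass
class GmerReport:
    disk: list = field(default_factory=list)      # (device, message)
    ssdt: list = field(default_factory=list)      # (module, function, address)
    devices: list = field(default_factory=list)   # DeviceHook
    attached: list = field(default_factory=list)  # (driver, device, module, label)
    unparsed: list = field(default_factory=list)  # anything the patterns did not cover


def parse_gmer_log(text: str) -> GmerReport:
    report, section = GmerReport(), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section == "header":
            continue  # banner: version, scan time, OS and disk model
        elif (m := DISK_RE.match(line)):
            report.disk.append((m.group(1), m.group(2)))
        elif (m := SSDT_RE.match(line)):
            report.ssdt.append((m.group(1), m.group(2), int(m.group(3), 16)))
        elif (m := HOOK_RE.match(line)):
            report.devices.append(DeviceHook(m.group(1), m.group(2), int(m.group(3), 16),
                                             m.group(4), m.group(5), m.group(6)))
        elif (m := DEVICE_RE.match(line)):
            report.devices.append(DeviceHook(m.group(1), m.group(2), int(m.group(3), 16)))
        elif (m := ATTACHED_RE.match(line)):
            report.attached.append(m.groups())
        else:
            report.unparsed.append(line)
    return report


def group_hooks(report: GmerReport) -> dict:
    """Collapse device objects that share one resolved dispatch address into one hook."""
    by_addr = defaultdict(list)
    for d in report.devices:
        if d.module is not None:
            by_addr[d.address].append(d.device)
    return dict(by_addr)


def triage(report: GmerReport) -> dict:
    """Rank findings. The rules here are this example's heuristics, not GMER's."""
    out = {"critical": [], "high": [], "review": []}
    for device, msg in report.disk:
        if "ROOTKIT" in msg or "malicious" in msg or "rootkit-like" in msg:
            out["critical"].append(f"{device}: {msg}")   # GMER itself names the rootkit
        elif "PE file @ sector" in msg:
            out["high"].append(f"{device}: {msg}")       # executable stored in raw sectors
        else:
            out["review"].append(f"{device}: {msg}")
    for addr, devs in group_hooks(report).items():
        hook = next(d for d in report.devices if d.address == addr and d.module)
        text = f"{hook.driver} dispatch {addr:08X} -> {hook.module}[{hook.section}], {len(devs)} devices"
        # Code outside every named section of the image is injected, not part of the file.
        out["high" if hook.section == "unknown section" else "review"].append(text)
    for module, func, addr in report.ssdt:   # owner of the hooking module must be checked by hand
        out["review"].append(f"SSDT {func} -> {module} @ {addr:08X}")
    return out
```

A dispatch hook is installed once in the driver object, so every device object that driver owns reports the same address; `group_hooks` folds the eight atapi lines of the full log into one finding rather than eight. SSDT entries are only ranked for review because GMER reports the hooking module, not whether it is malicious.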