GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-24 07:57:55
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-a SAMSUNG_SP0802N rev.TK100-24
Running: v0emxhrb.exe; Driver: C:\DOCUME~1\xxx\USTAWI~1\Temp\kfwcqkob.sys

---- System - GMER 1.0.15 ----

SSDT 8231EC90 ZwAssignProcessToJobObject
SSDT 8231F200 ZwDebugActiveProcess
SSDT 8231F2F0 ZwDuplicateObject
SSDT 8231E590 ZwOpenProcess
SSDT 8231E800 ZwOpenThread
SSDT 8231EFD0 ZwProtectVirtualMemory
SSDT 8231F0E0 ZwQueueApcThread
SSDT 8231EEC0 ZwSetContextThread
SSDT 8231ED90 ZwSetInformationThread
SSDT 8231BDA0 ZwSetSecurityObject
SSDT 8231EB90 ZwSuspendProcess
SSDT 8231EA80 ZwSuspendThread
SSDT 8231E6E0 ZwTerminateProcess
SSDT 8231EA50 ZwTerminateThread
SSDT 8231F6D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2DC4  80504650 4 Bytes  [00, E8, 31, 82]
.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xF2B00000, 0x2C8C48, 0xE8000020]
.text  C:\WINDOWS\system32\DRIVERS\atksgt.sys  section is writeable [0xAAADF300, 0x3ACC8, 0xE8000020]
.text  C:\WINDOWS\system32\DRIVERS\lirsgt.sys  section is writeable [0xF7960300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2012] kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----