GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-27 09:45:25
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD322HJ rev.1AG01118
Running: 4nbd1e0m.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\uflyiaow.sys

---- System - GMER 1.0.15 ----

SSDT 89281C90 ZwAssignProcessToJobObject
SSDT 89282200 ZwDebugActiveProcess
SSDT 892822F0 ZwDuplicateObject
SSDT 89281590 ZwOpenProcess
SSDT 89281800 ZwOpenThread
SSDT 89281FD0 ZwProtectVirtualMemory
SSDT 892820E0 ZwQueueApcThread
SSDT 89281EC0 ZwSetContextThread
SSDT 89281D90 ZwSetInformationThread
SSDT 8927EDA0 ZwSetSecurityObject
SSDT 89281B90 ZwSuspendProcess
SSDT 89281A80 ZwSuspendThread
SSDT 892816E0 ZwTerminateProcess
SSDT 89281A50 ZwTerminateThread
SSDT 892826D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7131360, 0x3D46A5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[456] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----