GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-03 11:02:00
Windows 5.1.2600 Dodatek Service Pack 3
Running: nqe45ki0.exe; Driver: C:\DOCUME~1\DOM\USTAWI~1\Temp\ugporkog.sys

---- System - GMER 1.0.15 ----

SSDT 89725630 ZwAssignProcessToJobObject
SSDT 89724A60 ZwOpenProcess
SSDT 89724E80 ZwOpenThread
SSDT 89725460 ZwSuspendProcess
SSDT 89725280 ZwSuspendThread
SSDT 89724C90 ZwTerminateProcess
SSDT 897250B0 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7972360, 0x372FAD, 0xE8000020]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB423A400, 0x87EE2, 0xE8000020]
.protect˙˙˙˙hardlock C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlock" section [0xB42DE620]
.protect˙˙˙˙hardlock C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB42DE400, 0x5126, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[296] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Fastfat \Fat PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:548] 89723790

---- EOF - GMER 1.0.15 ----