GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-05 16:53:53
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0 SAMSUNG_ rev.1AC0
Running: edomcd7q.exe; Driver: C:\DOCUME~1\Marek\USTAWI~1\Temp\ffrdrpow.sys

---- System - GMER 1.0.15 ----

SSDT 894D9C90 ZwAssignProcessToJobObject
SSDT 894DA200 ZwDebugActiveProcess
SSDT 894DA2F0 ZwDuplicateObject
SSDT 894D9590 ZwOpenProcess
SSDT 894D9800 ZwOpenThread
SSDT 894D9FD0 ZwProtectVirtualMemory
SSDT 894DA0E0 ZwQueueApcThread
SSDT 894D9EC0 ZwSetContextThread
SSDT 894D9D90 ZwSetInformationThread
SSDT 894D6DA0 ZwSetSecurityObject
SSDT 894D9B90 ZwSuspendProcess
SSDT 894D9A80 ZwSuspendThread
SSDT 894D96E0 ZwTerminateProcess
SSDT 894D9A50 ZwTerminateThread
SSDT 894DA6D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB961A360, 0x35424F, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1108] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 312560643

---- EOF - GMER 1.0.15 ----