GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-21 19:11:12
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 SAMSUNG_HD322HJ rev.1AG01113
Running: gmer.exe; Driver: C:\DOCUME~1\TERMIN~1\USTAWI~1\Temp\afdoraob.sys


---- System - GMER 1.0.15 ----

SSDT            sptd.sys                                                                           ZwEnumerateKey [0xF7532018]
SSDT            sptd.sys                                                                           ZwEnumerateValueKey [0xF75323A6]
SSDT            \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwQueryDirectoryFile [0xB6BA3C8D]

Code            \??\C:\DOCUME~1\TERMIN~1\USTAWI~1\Temp\catchme.sys                                 pIofCallDriver

---- Devices - GMER 1.0.15 ----

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                        [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10                                       [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \FileSystem\Ntfs \Ntfs                                                             8A2091E8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                             eamon.sys (Amon monitor/ESET)

Device          \Driver\Tcpip \Device\Ip                                                           afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device          \Driver\Tcpip \Device\Tcp                                                          afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                          epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device          \Driver\Tcpip \Device\Udp                                                          afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device          \Driver\Tcpip \Device\RawIp                                                        afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- EOF - GMER 1.0.15 ----