GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-09 18:29:53
Windows 5.1.2600 Dodatek Service Pack 2
Running: l4t45l0g.exe; Driver: C:\DOCUME~1\Prezes\USTAWI~1\Temp\kxacrfod.sys
---- System - GMER 1.0.15 ----
SSDT 8914AA70 ZwAssignProcessToJobObject
SSDT 8914B5F0 ZwDebugActiveProcess
SSDT 8914B020 ZwDuplicateObject
SSDT 8914A1B0 ZwOpenProcess
SSDT 8914A4B0 ZwOpenThread
SSDT 8914AEB0 ZwProtectVirtualMemory
SSDT 8914AD50 ZwSetContextThread
SSDT 8914ABD0 ZwSetInformationThread
SSDT 89147A90 ZwSetSecurityObject
SSDT 8914A910 ZwSuspendProcess
SSDT 8914A7B0 ZwSuspendThread
SSDT 8914A340 ZwTerminateProcess
SSDT 8914A640 ZwTerminateThread
SSDT 8914B440 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA89F380, 0x2F1D77, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[572] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3404] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
---- EOF - GMER 1.0.15 ----