GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-14 00:53:32
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 ST31000524AS rev.JC45
Running: gmer.exe; Driver: C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\uxrdypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xA5F8F4B0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (GFI ActiveProtection hook driver/GFI Software) ZwCreateKey [0xB68E34D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xA5F8F7F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xA5F8FAB0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xA5F8F5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xA5F8F8B0]
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess [0xBA7698AC]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xA5F8F410]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xA5F8F570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xA5F8F630]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xA5F8F530]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xA5F8F4F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xA5F8F670]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xA5F8F870]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (GFI ActiveProtection hook driver/GFI Software) ZwSetValueKey [0xB68E3520]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xA5F8F3B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xA5F8F430]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xA5F8F830]
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess [0xBA769812]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xA5F8F470]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xA5F8F5F0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 80504888 12 Bytes [B0, F3, F8, A5, 30, F4, F8, ...] {MOV AL, 0xf3; CLC ; MOVSD ; XOR AH, DH; CLC ; MOVSD ; XOR AL, BH; CLC ; MOVSD }
? C:\Program Files\ewido anti-spyware 4.0\guard.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\OO Software\Defrag\oodag.exe[2180] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00402FD0 C:\Program Files\OO Software\Defrag\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)
.text C:\Program Files\Opera\opera.exe[2612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001
.text C:\Program Files\Opera\opera.exe[2612] WS2_32.dll!WSALookupServiceNextW 71A53181 6 Bytes JMP 71A90F5A
.text C:\Program Files\Opera\opera.exe[2612] WS2_32.dll!WSALookupServiceEnd 71A5350E 6 Bytes JMP 71A30F5A
.text C:\Program Files\Opera\opera.exe[2612] WS2_32.dll!WSALookupServiceBeginW 71A535EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Opera\opera.exe[2612] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A00F5A
.text C:\Program Files\Opera\opera.exe[2612] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71970F5A
.text C:\Program Files\Opera\opera.exe[2612] WS2_32.dll!recv 71A5676F 6 Bytes JMP 719D0F5A
.text C:\Program Files\Opera\opera.exe[2612] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719A0F5A
.text C:\Program Files\Opera\opera.exe[2612] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71940F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:604] A5F7B3D4

---- EOF - GMER 1.0.15 ----