GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-22 18:25:14
Windows 5.1.2600 Dodatek Service Pack. 1 \Device\Harddisk0\DR0 -> \Device\00000059 ST380011A rev.8.01 74,53GB
Running: dzh58m9m.exe; Driver: C:\DOCUME~1\gosia\USTAWI~1\Temp\ffaoipog.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xB60C14B0]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwCreateThread [0xB60C17F0]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0xB60C1AB0]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwDuplicateObject [0xB60C15D0]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwLoadDriver [0xB60C18B0]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwOpenProcess [0xB60C1350]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwOpenThread [0xB60C1410]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0xB60C1570]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwQueueApcThread [0xB60C1630]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwSetContextThread [0xB60C1530]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwSetInformationThread [0xB60C14F0]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0xB60C1670]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0xB60C1870]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwSuspendProcess [0xB60C13B0]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwSuspendThread [0xB60C1430]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0xB60C1830]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwTerminateProcess [0xB60C1370]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwTerminateThread [0xB60C1470]
SSDT \SystemRoot\System32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0xB60C15F0]

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 158 805025D4 4 Bytes [B0, 14, 0C, B6] {MOV AL, 0x14; OR AL, 0xb6}
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1E0 8050265C 4 Bytes [F0, 17, 0C, B6] {POP SS; OR AL, 0xb6}
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1F0 8050266C 4 Bytes [B0, 1A, 0C, B6] {MOV AL, 0x1a; OR AL, 0xb6}
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 21C 80502698 4 Bytes [D0, 15, 0C, B6]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 290 8050270C 4 Bytes [B0, 18, 0C, B6] {MOV AL, 0x18; OR AL, 0xb6}
.text ...
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB9280900]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1248] kernel32.dll!SetUnhandledExceptionFilter 77E7E5A1 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1956] ntdll.dll!LdrLoadDll 77F55669 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys

---- EOF - GMER 2.1 ----