GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-25 19:20:14
Windows 5.1.2600 Dodatek Service Pack. 1 \Device\Harddisk0\DR0 -> \Device\00000058 ST380011A rev.8.01 74,53GB
Running: i1uf9pq7.exe; Driver: C:\DOCUME~1\gosik\USTAWI~1\Temp\kxdoypoc.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwAssignProcessToJobObject [0xB4ED94B0]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwCreateThread [0xB4ED97F0]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwDebugActiveProcess [0xB4ED9AB0]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwDuplicateObject [0xB4ED95D0]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwLoadDriver [0xB4ED98B0]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwOpenProcess [0xB4ED9350]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwOpenThread [0xB4ED9410]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwProtectVirtualMemory [0xB4ED9570]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwQueueApcThread [0xB4ED9630]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwSetContextThread [0xB4ED9530]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwSetInformationThread [0xB4ED94F0]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwSetSecurityObject [0xB4ED9670]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwSetSystemInformation [0xB4ED9870]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwSuspendProcess [0xB4ED93B0]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwSuspendThread [0xB4ED9430]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwSystemDebugControl [0xB4ED9830]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwTerminateProcess [0xB4ED9370]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwTerminateThread [0xB4ED9470]
SSDT  \SystemRoot\System32\DRIVERS\ehdrv.sys  ZwWriteVirtualMemory [0xB4ED95F0]

---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!KeInitializeInterrupt + B67  804DA23C 1 Byte  [06]
.text  ntoskrnl.exe!KeI386Call16BitCStyleFunction + 158  805025D4 4 Bytes  [B0, 94, ED, B4]
.text  ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1E0  8050265C 4 Bytes  [F0, 97, ED, B4]
.text  ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1F0  8050266C 4 Bytes  [B0, 9A, ED, B4]
.text  ntoskrnl.exe!KeI386Call16BitCStyleFunction + 21C  80502698 4 Bytes  [D0, 95, ED, B4]
.text  ntoskrnl.exe!KeI386Call16BitCStyleFunction + 290  8050270C 4 Bytes  [B0, 98, ED, B4]
.text  ...
init  C:\WINDOWS\system32\drivers\ALCXSENS.SYS  entry point in "init" section [0xB8B7F900]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[868] ntdll.dll!LdrLoadDll  77F55669 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1616] kernel32.dll!SetUnhandledExceptionFilter  77E7E5A1 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdir.sys
AttachedDevice  \FileSystem\Fastfat \Fat  eamon.sys

---- EOF - GMER 2.1 ----