GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-09-09 11:48:17 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541080G9AT00 rev.MB4OA60A 74,53GB Running: 2mirw7n9.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\agndypog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xBA6CC4B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0xBA6CC7F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0xBA6CCAB0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0xBA6CC5D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0xBA6CC8B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0xBA6CC350] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0xBA6CC410] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0xBA6CC570] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwQueueApcThread [0xBA6CC630] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0xBA6CC530] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0xBA6CC4F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0xBA6CC670] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0xBA6CC870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0xBA6CC3B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0xBA6CC430] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0xBA6CC830] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateProcess [0xBA6CC370] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0xBA6CC470] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0xBA6CC5F0] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!_abnormal_termination + 271 804E2845 3 Bytes [C5, 6C, BA] .text ntoskrnl.exe!_abnormal_termination + 440 804E2A14 12 Bytes [B0, C3, 6C, BA, 30, C4, 6C, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1896] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[2256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0171F140 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2256] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01D3FDF5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2256] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01D3FDD2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2256] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01722942 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2256] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01D3FD53 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys AttachedDevice \FileSystem\Fastfat \Fat eamon.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys