GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-02 12:41:19
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3200822A rev.3.01 186,31GB
Running: g76sg1sf.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\kwecypob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xEBD89610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0xEBD89C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0xEBD89730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0xEBD894B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0xEBD89570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0xEBD896D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0xEBD89690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0xEBD89650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0xEBD897D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0xEBD89510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0xEBD89590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateProcess [0xEBD894D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0xEBD895D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0xEBD89750]

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF744E000, 0x1C5D38, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xEF257A80]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xEC58F300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF886E300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1264] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1944] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 2.1 ----