GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-24 16:07:12
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3808110AS rev.3.ADH
Running: 79s8ph7n.exe; Driver: C:\DOCUME~1\gx520\USTAWI~1\Temp\pfacyfoc.sys

---- System - GMER 1.0.15 ----

SSDT 8607FC90 ZwAssignProcessToJobObject
SSDT 86080200 ZwDebugActiveProcess
SSDT 860802F0 ZwDuplicateObject
SSDT 8607F590 ZwOpenProcess
SSDT 8607F800 ZwOpenThread
SSDT 8607FFD0 ZwProtectVirtualMemory
SSDT 860800E0 ZwQueueApcThread
SSDT 8607FEC0 ZwSetContextThread
SSDT 8607FD90 ZwSetInformationThread
SSDT 8607CDA0 ZwSetSecurityObject
SSDT 8607FB90 ZwSuspendProcess
SSDT 8607FA80 ZwSuspendThread
SSDT 8607F6E0 ZwTerminateProcess
SSDT 8607FA50 ZwTerminateThread
SSDT 860806D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF707EF80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[432] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1616] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----