GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-12 07:52:02
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541060G9AT00 rev.MB3VA60A 55,89GB
Running: 6ig7vt84.exe; Driver: C:\DOCUME~1\Zbyszek\USTAWI~1\Temp\fxrdypob.sys

---- System - GMER 2.2 ----

SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwAssignProcessToJobObject [0xACAE36F0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwCreateThread [0xACAE3890]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwDebugActiveProcess [0xACAE39F0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwDuplicateObject [0xACAE3780]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwLoadDriver [0xACAE38F0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwOpenProcess [0xACAE3640]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwOpenThread [0xACAE36A0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwProtectVirtualMemory [0xACAE3750]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwQueueApcThread [0xACAE37B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwReplaceKey [0xACAE3AD0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwRestoreKey [0xACAE3AB0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetContextThread [0xACAE3730]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetInformationThread [0xACAE3710]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetSecurityObject [0xACAE37D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetSystemInformation [0xACAE38D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendProcess [0xACAE3670]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendThread [0xACAE36B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSystemDebugControl [0xACAE38B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwTerminateProcess [0xACAE3650]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwTerminateThread [0xACAE36D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwWriteVirtualMemory [0xACAE3790]

---- Kernel code sections - GMER 2.2 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2818  80502074 12 Bytes  [70, 36, AE, AC, B0, 36, AE, ...] {JO 0x38; SCASB ; LODSB ; MOV AL, 0x36; SCASB ; LODSB ; MOV AL, 0x38; SCASB ; LODSB }
init  C:\WINDOWS\system32\drivers\senfilt.sys  entry point in "init" section [0xB9528900]
?  System32\Drivers\hiber_WMILIB.SYS  The system cannot find the path specified. !

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[3672] kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 2.2 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp  tcpipBM.SYS
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys

---- Threads - GMER 2.2 ----

Thread  System [4:2688]  AD545AEA
Thread  System [4:2204]  ACB205B0
Thread  System [4:2024]  ACB1C9E8

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  ???%?%???????????%???????????%???????????%??????????????????? ???????????????????????????????????F?????????????????:???%?????????????%???????????????%???&???????%???????????????????%???????????%??????????????? ???????%???????????????????#???????%?????????????????E?%??? ???????%???????????????????%???????????????%??? ???????%???????????????????????%???%????????????????
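Reading a GMER log like the one above by hand is error-prone, so here is an added example (this editor's code, not the poster's and not part of GMER) that parses the SSDT and code-section lines, groups hooks by the driver that installed them, decodes the dumped bytes of the ntkrnlpa.exe hit as little-endian 32-bit pointers and looks them up in the hook table, and recognises the 4-byte patch on SetUnhandledExceptionFilter as an x86 `ret 4` (opcode C2 iw). The sample lines are copied from this log; the allow-list that treats ehdrv.sys (ESET's driver, consistent with the ESET NOD32 install shown in the user-code section) as expected is this example's assumption, and so is the reading that the 12 patched bytes inside ntkrnlpa.exe are service-table entries pointing at those hooks.

```python
"""Cross-reference the SSDT and code-section entries of a GMER 2.2 log.

Added example; not the forum poster's code and not part of GMER.
"""
import re
import struct
from collections import defaultdict

# Constructed sample: a subset of the SSDT section plus the two
# code-section hits, copied verbatim from the log above.
SAMPLE_LOG = r"""
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwOpenProcess [0xACAE3640]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwTerminateProcess [0xACAE3650]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendProcess [0xACAE3670]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendThread [0xACAE36B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwWriteVirtualMemory [0xACAE3790]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2818  80502074 12 Bytes  [70, 36, AE, AC, B0, 36, AE, ...]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[3672] kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 4 Bytes  [C2, 04, 00, 00]
"""

# "SSDT  <module>  <Zw function> [0x<hook address>]"
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
# ".text  <symbol, may contain spaces>  <addr> <n> Bytes  [<hex bytes>]"
PATCH_RE = re.compile(
    r"^(?P<section>\.text|init)\s+(?P<symbol>.+?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<size>\d+) Bytes\s+\[(?P<bytes>[^\]]*)\]"
)

# Assumption for this example: hooks from ESET's ehdrv.sys are expected
# self-protection on a box with ESET NOD32 installed.
KNOWN_SELF_PROTECTION_DRIVERS = {"ehdrv.sys"}


def parse_ssdt_hooks(log):
    """Return one dict per SSDT line: hooking module, hooked service, hook address."""
    hooks = []
    for line in log.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks.append({"module": m["module"], "func": m["func"], "addr": int(m["addr"], 16)})
    return hooks


def parse_code_patches(log):
    """Return the code-section hits that carry a byte dump; keep track of GMER's '...' truncation."""
    patches = []
    for line in log.splitlines():
        m = PATCH_RE.match(line.strip())
        if not m:
            continue
        tokens = [t.strip() for t in m["bytes"].split(",")]
        patches.append({
            "section": m["section"],
            "symbol": m["symbol"],
            "addr": int(m["addr"], 16),
            "size": int(m["size"]),
            "bytes": bytes(int(t, 16) for t in tokens if t != "..."),
            "truncated": "..." in tokens,
        })
    return patches


def decode_pointers(data):
    """Split dumped bytes into complete little-endian 32-bit values (32-bit XP kernel);
    a trailing partial dword is dropped rather than guessed."""
    n = len(data) // 4
    return list(struct.unpack("<%dI" % n, data[:4 * n]))


def correlate_patch_with_hooks(patch, hooks):
    """Pair every decoded pointer with the SSDT hook it equals, or None."""
    by_addr = {h["addr"]: h["func"] for h in hooks}
    return [(ptr, by_addr.get(ptr)) for ptr in decode_pointers(patch["bytes"])]


def hooks_by_module(hooks):
    out = defaultdict(list)
    for h in hooks:
        out[h["module"].lower()].append(h["func"])
    return {k: sorted(v) for k, v in out.items()}


def unexpected_hook_modules(hooks, allowlist=KNOWN_SELF_PROTECTION_DRIVERS):
    """Modules that hooked the SSDT and are not on the allow-list: these are what to chase."""
    return sorted(m for m in hooks_by_module(hooks) if m.rsplit("\\", 1)[-1] not in allowlist)


def is_ret_imm16(data):
    """x86 'C2 iw' is RET imm16, so [C2, 04, 00, 00] turns the function into 'ret 4'."""
    return len(data) >= 3 and data[0] == 0xC2


def analyze(log):
    hooks = parse_ssdt_hooks(log)
    return {
        "hooks_by_module": hooks_by_module(hooks),
        "unexpected_modules": unexpected_hook_modules(hooks),
        "patches": [
            {"symbol": p["symbol"], "truncated": p["truncated"],
             "pointers_into_hooks": correlate_patch_with_hooks(p, hooks),
             "ret_imm16": is_ret_imm16(p["bytes"])}
            for p in parse_code_patches(log)
        ],
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(analyze(SAMPLE_LOG))
```

The first complete dword of the ntkrnlpa.exe dump, 0xACAE3670, is exactly the ZwSuspendProcess hook address from the SSDT section; the three remaining visible bytes B0 36 AE are the low bytes of ZwSuspendThread's 0xACAE36B0, but GMER cut the dump off with "...", so the code only decodes complete dwords and reports the truncation instead of guessing. On this reading the "JO 0x38; SCASB; ..." disassembly GMER prints is just pointer data interpreted as instructions. For triage the interesting output is `unexpected_modules`: any SSDT hook installed by something other than the allow-listed driver.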