GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-04 08:07:01
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0002 298,09GB
Running: d3xu6wgh.exe; Driver: C:\DOCUME~1\Ewa\USTAWI~1\Temp\kwldaaod.sys


---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwAssignProcessToJobObject [0x999084B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwCreateThread [0x999087F0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwDebugActiveProcess [0x99908AB0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwDuplicateObject [0x999085D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwLoadDriver [0x999088B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwOpenProcess [0x99908350]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwOpenThread [0x99908410]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwProtectVirtualMemory [0x99908570]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwQueueApcThread [0x99908630]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetContextThread [0x99908530]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetInformationThread [0x999084F0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetSecurityObject [0x99908670]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetSystemInformation [0x99908870]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendProcess [0x999083B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendThread [0x99908430]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSystemDebugControl [0x99908830]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwTerminateProcess [0x99908370]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwTerminateThread [0x99908470]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwWriteVirtualMemory [0x999085F0]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2FD0  805048B8 12 Bytes  [B0, 83, 90, 99, 30, 84, 90, ...] {MOV AL, 0x83; NOP ; CDQ ; XOR [EAX+EDX*4-0x6f77cf67], AL; CDQ }

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[640] kernel32.dll!SetUnhandledExceptionFilter  7C8449CD 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys
AttachedDevice  \Driver\Tcpip \Device\Ip  epfwtdi.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdi.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  epfwtdi.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  epfwtdi.sys
AttachedDevice  \FileSystem\Fastfat \Fat  eamon.sys

---- EOF - GMER 2.1 ----
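Reading this log by hand: every SSDT entry above points into ehdrv.sys, and the attached devices (eamon.sys on NTFS/FAT, epfwtdi.sys on the TCP/IP device objects) are, like ehdrv.sys and the ekrn.exe process, components of the ESET Smart Security install visible in the user-mode path. The 12-byte "Kernel code sections" entry is not code at all: the first four bytes B0 83 90 99, read as a little-endian 32-bit value, are 0x999083B0, the ZwSuspendProcess hook address listed in the SSDT section, and the three visible bytes that follow (30 84 90) are the low bytes of the ZwSuspendThread hook 0x99908430. GMER has reported overwritten service-table entries, and the instruction decode it appends (MOV AL, 0x83; NOP; CDQ; ...) is just those pointer bytes interpreted as x86 and carries no information. The 4-byte user-mode patch at SetUnhandledExceptionFilter (C2 04 00 00) decodes to no listed hook, which is what an inline code patch looks like (C2 04 00 is the x86 RET 4 instruction).

The script below automates that triage. It is an added example, not part of the GMER log or of GMER itself: it parses the log's SSDT, .text and AttachedDevice lines, groups hooks by driver, decodes each patch's bytes as little-endian pointers and matches them (fully, or by low bytes when the byte list is truncated with "...") against the hook addresses, and flags any hooking driver outside an allow-list. The allow-list KNOWN_DRIVERS and the excerpt GMER_LOG are constructed here from the log above; the function names are mine.

```python
import re
from collections import defaultdict

# Assumption: the drivers this host is expected to have hooking the kernel
# (ESET Smart Security components). Anything outside this set deserves a look.
KNOWN_DRIVERS = {"ehdrv.sys", "eamon.sys", "epfwtdi.sys"}

# Constructed input: an excerpt of the GMER 2.1 log above (six of its SSDT
# lines, both patched code sections and three of its AttachedDevice lines).
GMER_LOG = r"""
---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwAssignProcessToJobObject [0x999084B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwOpenProcess [0x99908350]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendProcess [0x999083B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendThread [0x99908430]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwTerminateProcess [0x99908370]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwWriteVirtualMemory [0x999085F0]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2FD0  805048B8 12 Bytes  [B0, 83, 90, 99, 30, 84, 90, ...] {MOV AL, 0x83; NOP ; CDQ ; XOR [EAX+EDX*4-0x6f77cf67], AL; CDQ }

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[640] kernel32.dll!SetUnhandledExceptionFilter  7C8449CD 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdi.sys
AttachedDevice  \FileSystem\Fastfat \Fat  eamon.sys
"""

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]")
PATCH_RE = re.compile(r"^\.text\s+(.+?)\s+([0-9A-Fa-f]{8})\s+(\d+) Bytes\s+\[([^\]]*)\]")
DEVICE_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)")


def parse_gmer(text):
    """Pull SSDT hooks, patched code sections and attached devices out of a GMER log."""
    hooks, patches, devices = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            hooks.append({"driver": m.group(1), "function": m.group(2),
                          "address": int(m.group(3), 16)})
        elif m := PATCH_RE.match(line):
            raw = [b.strip() for b in m.group(4).split(",")]
            data = bytes(int(b, 16) for b in raw if re.fullmatch(r"[0-9A-Fa-f]{2}", b))
            patches.append({"location": m.group(1), "address": int(m.group(2), 16),
                            "size": int(m.group(3)), "bytes": data,
                            "truncated": "..." in raw})  # GMER elides long byte lists
        elif m := DEVICE_RE.match(line):
            devices.append({"driver_object": m.group(1), "device": m.group(2),
                            "attached": m.group(3)})
    return {"hooks": hooks, "patches": patches, "devices": devices}


def hooks_by_driver(hooks):
    """Group hooked service names by the image file name of the hooking driver."""
    out = defaultdict(list)
    for h in hooks:
        out[h["driver"].rsplit("\\", 1)[-1].lower()].append(h["function"])
    return dict(out)


def decode_pointers(data):
    """Split patch bytes into complete little-endian 32-bit values plus any partial tail."""
    whole = len(data) // 4 * 4
    full = [int.from_bytes(data[i:i + 4], "little") for i in range(0, whole, 4)]
    return full, data[whole:]


def correlate_patches(report):
    """Match decoded patch values against SSDT hook addresses; partial tails match on low bytes."""
    by_addr = {h["address"]: h["function"] for h in report["hooks"]}
    results = []
    for p in report["patches"]:
        full, tail = decode_pointers(p["bytes"])
        matched = [(hex(a), by_addr[a], "full") for a in full if a in by_addr]
        if tail:  # byte list was cut off mid-pointer: compare only the bytes we have
            mask = (1 << (8 * len(tail))) - 1
            low = int.from_bytes(tail, "little")
            matched += [(hex(a), f, "partial") for a, f in by_addr.items() if a & mask == low]
        results.append({"location": p["location"], "pointers": [hex(a) for a in full],
                        "matched": matched})
    return results


def unexpected_drivers(report, known):
    """Driver file names that hook the SSDT or attach to devices but are not on the allow-list."""
    seen = {h["driver"].rsplit("\\", 1)[-1].lower() for h in report["hooks"]}
    seen |= {d["attached"].lower() for d in report["devices"]}
    return seen - {k.lower() for k in known}


if __name__ == "__main__":
    rep = parse_gmer(GMER_LOG)
    print("SSDT hooks by driver:", hooks_by_driver(rep["hooks"]))
    for r in correlate_patches(rep):
        print(f"{r['location']}: pointers={r['pointers']} matched={r['matched']}")
    print("drivers outside the allow-list:", unexpected_drivers(rep, KNOWN_DRIVERS) or "none")
```

A patch whose bytes all resolve to hooks already attributed to an allow-listed driver is the service table itself being reported, not new code; a patch that resolves to nothing (like the RET 4 at SetUnhandledExceptionFilter) is a real inline patch and should be judged by where it sits and which process it is in. Run the script against a full log rather than this excerpt to get the complete per-driver picture, and widen KNOWN_DRIVERS only after confirming each driver's signer.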