GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-08-26 12:51:32 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM080HI rev.AB100-12 74,53GB Running: xveoifum.exe; Driver: C:\DOCUME~1\jacek_\USTAWI~1\Temp\uxtdypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xEE9404B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0xEE9407F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0xEE940AB0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0xEE9405D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0xEE9408B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0xEE940350] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0xEE940410] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0xEE940570] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwQueueApcThread [0xEE940630] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0xEE940530] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0xEE9404F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0xEE940670] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0xEE940870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0xEE9403B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0xEE940430] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0xEE940830] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateProcess [0xEE940370] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0xEE940470] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0xEE9405F0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F80 12 Bytes [B0, 03, 94, EE, 30, 04, 94, ...] {MOV AL, 0x3; XCHG ESP, EAX; OUT DX, AL; XOR [ESP+EDX*4], AL; OUT DX, AL; XOR [EAX], CL; XCHG ESP, EAX; OUT DX, AL} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[476] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00] ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys ---- EOF - GMER 2.1 ----