GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-14 15:31:38
Windows 5.1.2600 Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 TOSHIBA_MK6008GAH rev.BU022C 55,89GB
Running: 3r06rfqc.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxlyraoc.sys

---- System - GMER 2.1 ----

SSDT F7C247E4 ZwClose
SSDT F7C2479E ZwCreateKey
SSDT F7C247EE ZwCreateSection
SSDT F7C24794 ZwCreateThread
SSDT F7C247A3 ZwDeleteKey
SSDT F7C247AD ZwDeleteValueKey
SSDT F7C247DF ZwDuplicateObject
SSDT F7C247B2 ZwLoadKey
SSDT F7C24780 ZwOpenProcess
SSDT F7C24785 ZwOpenThread
SSDT F7C24807 ZwQueryValueKey
SSDT F7C247BC ZwReplaceKey
SSDT F7C247F8 ZwRequestWaitReplyPort
SSDT F7C247B7 ZwRestoreKey
SSDT F7C247F3 ZwSetContextThread
SSDT F7C247FD ZwSetSecurityObject
SSDT F7C247A8 ZwSetValueKey
SSDT F7C24802 ZwSystemDebugControl
SSDT F7C2478F ZwTerminateProcess

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\SMINST\Scheduler.exe[132] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 00418ED0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[132] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 00418F40 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[132] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 00418DC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[132] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 00418D10 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[132] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 00418E90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[132] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 00418D50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[132] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 00418E00 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[132] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 00418D80 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[132] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 00418E40 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[132] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 00418CD0 C:\WINDOWS\SMINST\Scheduler.exe

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----