GMER 2.1.19355 - http://www.gmer.net
Rootkit scan 2014-01-23 12:03:39
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500413AS rev.JC4B 465,76GB
Running: 5dn94k4h.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kwryrfoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xAE680610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0xAE680C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0xAE680730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0xAE6804B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0xAE680570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0xAE6806D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwQueueApcThread [0xAE680790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0xAE680690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0xAE680650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0xAE6807D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0xAE680510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0xAE680590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateProcess [0xAE6804D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0xAE6805D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0xAE680750]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 307D 80504965 7 Bytes [05, 68, AE, 90, 05, 68, AE]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6A98000, 0xEDC62, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1716] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys

---- EOF - GMER 2.1 ----