GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-04 14:19:14
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3200822A rev.3.01 186,31GB
Running: tv704m2g.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\kwecypob.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwAssignProcessToJobObject [0xEF7EA610]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwDebugActiveProcess [0xEF7EAC10]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwDuplicateObject [0xEF7EA730]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwOpenProcess [0xEF7EA4B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwOpenThread [0xEF7EA570]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwProtectVirtualMemory [0xEF7EA6D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwQueueApcThread [0xEF7EA790]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetContextThread [0xEF7EA690]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetInformationThread [0xEF7EA650]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetSecurityObject [0xEF7EA7D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendProcess [0xEF7EA510]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendThread [0xEF7EA590]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwTerminateProcess [0xEF7EA4D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwTerminateThread [0xEF7EA5D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwWriteVirtualMemory [0xEF7EA750]

---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xF7BE7000, 0x1C5D38, 0xE8000020]
init   C:\WINDOWS\system32\drivers\Senfilt.sys  entry point in "init" section [0xEF928A80]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Real\RealPlayer\update\realsched.exe[636] kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1520] kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 4 Bytes  [C2, 04, 00, 00]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3444] ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 0172B780 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3444] kernel32.dll!lstrlenW + 43  7C809ADC 7 Bytes  JMP 01F66EFD C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3444] kernel32.dll!MapViewOfFileEx + 6A  7C80B990 7 Bytes  JMP 01F66EDA C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3444] kernel32.dll!ValidateLocale + B1E8  7C8449F8 7 Bytes  JMP 01730836 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3444] GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 01F66E5B C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdir.sys
AttachedDevice  \FileSystem\Fastfat \Fat  eamon.sys

---- EOF - GMER 2.1 ----