GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-20 19:20:50
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2080BH_PL rev.892C 74,53GB
Running: 637phojb.exe; Driver: C:\DOCUME~1\Ania\USTAWI~1\Temp\kxxyykog.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwAssignProcessToJobObject [0xAA720610]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwDebugActiveProcess [0xAA720C10]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwDuplicateObject [0xAA720730]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwOpenProcess [0xAA7204B0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwOpenThread [0xAA720570]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwProtectVirtualMemory [0xAA7206D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwQueueApcThread [0xAA720790]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetContextThread [0xAA720690]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetInformationThread [0xAA720650]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSetSecurityObject [0xAA7207D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendProcess [0xAA720510]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwSuspendThread [0xAA720590]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwTerminateProcess [0xAA7204D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwTerminateThread [0xAA7205D0]
SSDT  \SystemRoot\system32\DRIVERS\ehdrv.sys  ZwWriteVirtualMemory [0xAA720750]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1480] kernel32.dll!SetUnhandledExceptionFilter  7C810386 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdir.sys

---- EOF - GMER 2.1 ----