GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-05-04 02:12:34
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD250HJ rev.FH100-05 232,88GB
Running: 2sn3q5z1.exe; Driver: C:\DOCUME~1\Serwer\USTAWI~1\Temp\ufddypob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xB36B6610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0xB36B6C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0xB36B6730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0xB36B64B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0xB36B6570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0xB36B66D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwQueueApcThread [0xB36B6790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0xB36B6690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0xB36B6650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0xB36B67D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0xB36B6510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0xB36B6590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateProcess [0xB36B64D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0xB36B65D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0xB36B6750]
SSDT \WINDOWS\system32\ntkrnlpa.exe ZwCreateKey [0x804D70CC]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70CC] ZwCreateKey [0x804D70CC]
SSDT \WINDOWS\system32\ntkrnlpa.exe ZwOpenKey [0x804D70D1]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70D1] ZwOpenKey [0x804D70D1]

INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 804D70D6
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys B1DB516D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys B1DB4FC2

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 307D 80504965 7 Bytes [65, 6B, B3, 90, 65, 6B, B3]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB68433C0, 0x84E2FA, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\aksfridge.sys section is writeable [0xB1AE5000, 0x4BE00, 0xE0000020]
.init C:\WINDOWS\system32\DRIVERS\aksfridge.sys entry point in ".init" section [0xB1B3E224]
.init C:\WINDOWS\system32\DRIVERS\aksfridge.sys unknown last code section [0xB1B3E000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB181F400, 0x6CBD0, 0xE8000020]
.init C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".init" section [0xB18A3424]
.init C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB18A3200, 0xEC00, 0xE20000E0]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1924] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys

---- EOF - GMER 2.1 ----