GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-18 18:41:22
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_SV0221N rev.UA100-07
Running: q4qp409e.exe; Driver: C:\DOCUME~1\Tomek\USTAWI~1\Temp\awadifoc.sys


---- System - GMER 1.0.15 ----

SSDT  F8BE5B64  ZwClose
SSDT  F8BE5B1E  ZwCreateKey
SSDT  F8BE5B6E  ZwCreateSection
SSDT  F8BE5B14  ZwCreateThread
SSDT  F8BE5B23  ZwDeleteKey
SSDT  F8BE5B2D  ZwDeleteValueKey
SSDT  F8BE5B5F  ZwDuplicateObject
SSDT  F8BE5B32  ZwLoadKey
SSDT  F8BE5B00  ZwOpenProcess
SSDT  F8BE5B05  ZwOpenThread
SSDT  F8BE5B87  ZwQueryValueKey
SSDT  F8BE5B3C  ZwReplaceKey
SSDT  F8BE5B78  ZwRequestWaitReplyPort
SSDT  F8BE5B37  ZwRestoreKey
SSDT  F8BE5B73  ZwSetContextThread
SSDT  F8BE5B7D  ZwSetSecurityObject
SSDT  F8BE5B28  ZwSetValueKey
SSDT  F8BE5B82  ZwSystemDebugControl
SSDT  F8BE5B0F  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7FD8360, 0x1DEE5D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[380]  USER32.dll!SetWindowLongA  7E37C29D 5 Bytes  JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[380]  USER32.dll!SetWindowLongW  7E37C2BB 5 Bytes  JMP 106AC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[380]  USER32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[380]  USER32.dll!TrackPopupMenu  7E3B531E 5 Bytes  JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1372]  ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 01262EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
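Reading a GMER log by hand means answering three questions: where do the SSDT hooks land, which module is patching user-mode exports and in which processes, and what else sits in the kernel or filesystem path. The following Python script is an added example, not part of the log above or of GMER itself. It parses the four sections GMER emits (System, Kernel code sections, User code sections, Devices) with regular expressions written for the line shapes seen in this log, and groups the results for triage. The regexes, the 0x1000-byte "single cluster" threshold and the own-directory check are this example's assumptions; the embedded LOG_EXCERPT is a subset of the lines from the log above. Note that GMER names no owning module for SSDT entries, so a tight cluster of hook targets only tells you that one driver owns all of them; identifying that driver from the address range is a separate step.

```python
"""Parse a GMER 1.0.15 rootkit-scan log and group the reported hooks for triage (added example)."""
import json
import ntpath
import re
from collections import defaultdict

# Line shapes as they appear in the GMER log above (assumed to be stable for this version).
SECTION_RE = re.compile(r'^---- (?P<name>.+?) - GMER [\d.]+ ----$')
SSDT_RE = re.compile(r'^SSDT\s+(?P<target>[0-9A-F]{8})\s+(?P<func>Zw\w+)$', re.I)
USER_HOOK_RE = re.compile(
    r'^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<export>\S+!\S+)\s+'
    r'(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes\s+(?P<ins>\w+)\s+'
    r'(?P<target>[0-9A-F]{8})\s+(?P<module>.+?)(?:\s+\((?P<vendor>[^)]*)\))?$', re.I)
KERNEL_SECT_RE = re.compile(r'^\.text\s+(?P<driver>.+?)\s+section is writeable\s+\[(?P<info>[^\]]+)\]$')
DEVICE_RE = re.compile(r'^AttachedDevice\s+(?P<device>\S+)\s+(?P<name>\S+)\s+(?P<driver>\S+)'
                       r'(?:\s+\((?P<vendor>[^)]*)\))?$')

# Subset of the log above (header, six SSDT entries incl. the lowest and highest target,
# the kernel section, one hook per hooked process, the filter device).
LOG_EXCERPT = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-18 18:41:22

---- System - GMER 1.0.15 ----

SSDT  F8BE5B64  ZwClose
SSDT  F8BE5B14  ZwCreateThread
SSDT  F8BE5B00  ZwOpenProcess
SSDT  F8BE5B87  ZwQueryValueKey
SSDT  F8BE5B73  ZwSetContextThread
SSDT  F8BE5B0F  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7FD8360, 0x1DEE5D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[380]  USER32.dll!SetWindowLongA  7E37C29D 5 Bytes  JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1372]  ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 01262EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""


def parse_gmer(text):
    """Split the log at its '---- <name> - GMER ----' headers and parse each known line type."""
    report = {'ssdt': [], 'user_hooks': [], 'kernel_sections': [], 'devices': []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m['name']
            continue
        if section == 'System' and (m := SSDT_RE.match(line)):
            report['ssdt'].append((m['func'], int(m['target'], 16)))
        elif section == 'User code sections' and (m := USER_HOOK_RE.match(line)):
            report['user_hooks'].append({
                'proc': m['proc'], 'pid': int(m['pid']), 'export': m['export'],
                'patched_bytes': int(m['n']), 'instr': m['ins'].upper(),
                'target': int(m['target'], 16), 'module': m['module'], 'vendor': m['vendor']})
        elif section == 'Kernel code sections' and (m := KERNEL_SECT_RE.match(line)):
            report['kernel_sections'].append((m['driver'], m['info']))
        elif section == 'Devices' and (m := DEVICE_RE.match(line)):
            report['devices'].append((m['device'], m['driver'], m['vendor']))
    return report


def triage(report):
    """Summarise the hooks: SSDT target range, user-mode hookers per module, kernel/filter extras."""
    out = {}
    if report['ssdt']:
        targets = sorted(t for _, t in report['ssdt'])
        span = targets[-1] - targets[0]
        out['ssdt'] = {'count': len(targets), 'low': targets[0], 'high': targets[-1], 'span': span,
                       # GMER names no module for SSDT entries; targets packed into one small
                       # range mean a single driver owns every hook (threshold is an assumption).
                       'single_cluster': span < 0x1000}
    by_module = defaultdict(list)
    for h in report['user_hooks']:
        by_module[h['module']].append(h)
    out['user_hooks'] = {}
    for module, hooks in by_module.items():
        # A module patching only processes from its own install directory is that application
        # hooking itself; a hooker living elsewhere, or with no vendor, needs a closer look.
        own_dir = all(ntpath.dirname(module).lower() == ntpath.dirname(h['proc']).lower() for h in hooks)
        out['user_hooks'][module] = {
            'count': len(hooks),
            'processes': sorted({f"{ntpath.basename(h['proc'])}[{h['pid']}]" for h in hooks}),
            'vendor': hooks[0]['vendor'],
            'hooks_own_app_only': own_dir}
    out['writeable_kernel_sections'] = [drv for drv, _ in report['kernel_sections']]
    out['fs_filters'] = [drv for _, drv, _ in report['devices']]
    return out


if __name__ == '__main__':
    print(json.dumps(triage(parse_gmer(LOG_EXCERPT)), indent=2))
```

Run against the full log, the same code reports 19 SSDT entries in the range F8BE5B00..F8BE5B87 and five user-mode hooks that all resolve to xul.dll under the Firefox install directory, which separates the one item that still needs an owner (the kernel hook cluster) from the browser's own in-process patching.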