GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-06 18:55:24
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543232L9A300 rev.FB4OC40C
Running: k4vqeu8w.exe; Driver: C:\DOCUME~1\Kinga_PN\USTAWI~1\Temp\uxtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT  B871E874  ZwClose
SSDT  B871E82E  ZwCreateKey
SSDT  B871E87E  ZwCreateSection
SSDT  B871E824  ZwCreateThread
SSDT  B871E833  ZwDeleteKey
SSDT  B871E83D  ZwDeleteValueKey
SSDT  B871E86F  ZwDuplicateObject
SSDT  B871E842  ZwLoadKey
SSDT  B871E810  ZwOpenProcess
SSDT  B871E815  ZwOpenThread
SSDT  B871E897  ZwQueryValueKey
SSDT  B871E84C  ZwReplaceKey
SSDT  B871E888  ZwRequestWaitReplyPort
SSDT  B871E847  ZwRestoreKey
SSDT  B871E883  ZwSetContextThread
SSDT  B871E88D  ZwSetSecurityObject
SSDT  B871E838  ZwSetValueKey
SSDT  B871E892  ZwSystemDebugControl
SSDT  B871E81F  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2C48  805044E4 4 Bytes  CALL D1CEFD5A
.text  ntkrnlpa.exe!ZwCallbackReturn + 2C88  80504524 4 Bytes  [2E, E8, 71, B8]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2CAC  80504548 4 Bytes  CALL D09EFDBE
.text  ntkrnlpa.exe!ZwCallbackReturn + 2CB8  80504554 4 Bytes  CALL EFBEFDCA
.text  ntkrnlpa.exe!ZwCallbackReturn + 2CE0  8050457C 4 Bytes  CALL D2DAFDF2
.text  ...
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB73E7360, 0x33A1AD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[2376] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 012A3690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----