GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-20 20:43:42
Windows 5.1.2600 Dodatek Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK100-24
Running: gmer.exe; Driver: C:\DOCUME~1\Ewa\USTAWI~1\Temp\kxncifoc.sys

---- System - GMER 1.0.15 ----

SSDT F8A85276 ZwCreateKey
SSDT F8A8526C ZwCreateThread
SSDT F8A8527B ZwDeleteKey
SSDT F8A85285 ZwDeleteValueKey
SSDT F8A8528A ZwLoadKey
SSDT F8A85258 ZwOpenProcess
SSDT F8A8525D ZwOpenThread
SSDT F8A85294 ZwReplaceKey
SSDT F8A8528F ZwRestoreKey
SSDT F8A85280 ZwSetValueKey
SSDT F8A85267 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\Mozilla Firefox\plugin-container.exe[324] USER32.dll!SetWindowLongA 77D3DED3 5 Bytes JMP 106C01A3 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[324] USER32.dll!SetWindowLongW 77D3DEF1 5 Bytes JMP 106C0135 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[324] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 10450924 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[324] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 10450ECF D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\firefox.exe[528] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01215B60 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b0abd85
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b0abd85@f49f54cb09ec 0x0E 0x11 0x2E 0x75 ...

---- EOF - GMER 1.0.15 ----