GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-28 01:18:36
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PBBO
Running: gmer.exe; Driver: C:\Users\Kata\AppData\Local\Temp\kwtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT 8D802EE8 ZwAlertResumeThread
SSDT 8D802300 ZwAlertThread
SSDT 8D2FF460 ZwAllocateVirtualMemory
SSDT 8D2C6DA0 ZwConnectPort
SSDT 8D802C38 ZwCreateMutant
SSDT 8D2FAE30 ZwCreateThread
SSDT 8D2FFA60 ZwFreeVirtualMemory
SSDT 8D802D28 ZwImpersonateAnonymousToken
SSDT 8D802E08 ZwImpersonateThread
SSDT 8D2FF960 ZwMapViewOfSection
SSDT 8D802B58 ZwOpenEvent
SSDT 8D2FF530 ZwOpenProcessToken
SSDT 8D89D4A8 ZwOpenThreadToken
SSDT 8D809C28 ZwResumeThread
SSDT 8D802698 ZwSetContextThread
SSDT 8D89D598 ZwSetInformationProcess
SSDT 8D8025C8 ZwSetInformationThread
SSDT 8D802A78 ZwSuspendProcess
SSDT 8D802408 ZwSuspendThread
SSDT 87DFD2C8 ZwTerminateProcess
SSDT 8D8024E8 ZwTerminateThread
SSDT 8D89D688 ZwUnmapViewOfSection
SSDT 8D2FFB30 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820FA8A0 8 Bytes CALL 829D28D3
.text ntkrnlpa.exe!KeSetEvent + 131 820FA8B4 4 Bytes [60, F4, 2F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1C1 820FA944 4 Bytes [A0, 6D, 2C, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820FA978 4 Bytes [38, 2C, 80, 8D]
.text ntkrnlpa.exe!KeSetEvent + 221 820FA9A4 4 Bytes [30, AE, 2F, 8D]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[772] ntdll.dll!LdrLoadDll 776D9378 5 Bytes JMP 67F15B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2008] USER32.dll!SetWindowLongA 7705E7CD 5 Bytes JMP 683001A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2008] USER32.dll!SetWindowLongW 770613B4 5 Bytes JMP 68300135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2008] USER32.dll!GetWindowInfo 7706428E 5 Bytes JMP 68090924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2008] USER32.dll!TrackPopupMenu 770714F3 5 Bytes JMP 68090ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----