GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-01 12:31:23
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_SP1654N rev.BV100-45
Running: gyvm2j3b.exe; Driver: C:\DOCUME~1\ADMINI~1.DOM\USTAWI~1\Temp\kwedifod.sys


---- System - GMER 1.0.15 ----

SSDT            B873C4B4    ZwClose
SSDT            B873C46E    ZwCreateKey
SSDT            B873C4BE    ZwCreateSection
SSDT            B873C464    ZwCreateThread
SSDT            B873C473    ZwDeleteKey
SSDT            B873C47D    ZwDeleteValueKey
SSDT            B873C4AF    ZwDuplicateObject
SSDT            B873C482    ZwLoadKey
SSDT            B873C450    ZwOpenProcess
SSDT            B873C455    ZwOpenThread
SSDT            B873C4D7    ZwQueryValueKey
SSDT            B873C48C    ZwReplaceKey
SSDT            B873C4C8    ZwRequestWaitReplyPort
SSDT            B873C487    ZwRestoreKey
SSDT            B873C4C3    ZwSetContextThread
SSDT            B873C4CD    ZwSetSecurityObject
SSDT            B873C478    ZwSetValueKey
SSDT            B873C4D2    ZwSystemDebugControl
SSDT            B873C45F    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys    section is writeable [0xB69F03A0, 0x59FFE5, 0xE8000020]
init            C:\WINDOWS\system32\drivers\Senfilt.sys     entry point in "init" section [0xB203DA80]

---- User code sections - GMER 1.0.15 ----

.text           F:\Program Files\Mozilla Firefox\firefox.exe[2416] ntdll.dll!LdrLoadDll           7C91632D 5 Bytes  JMP 01229720 F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           F:\Program Files\Mozilla Firefox\firefox.exe[2416] kernel32.dll!VirtualAlloc      7C809AF1 5 Bytes  JMP 0145E21B F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           F:\Program Files\Mozilla Firefox\firefox.exe[2416] kernel32.dll!MapViewOfFile     7C80B9A5 5 Bytes  JMP 0145E1F4 F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           F:\Program Files\Mozilla Firefox\firefox.exe[2416] GDI32.dll!CreateDIBSection     77F19E19 5 Bytes  JMP 0145E17E F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3264] ntdll.dll!DbgUiRemoteBreakin    7C9520EC 1 Byte  [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat    fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b00c255
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00025b00c255 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
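The report above is raw GMER 1.0.15 output. As an added triage helper that is not part of the log or of GMER itself, the Python script below parses the SSDT and user-code entries (copied from the log into a constructed sample string; the kernel-section, device and registry lines are not handled), reports the address span covered by the SSDT hooks, and labels each user-mode hook: a JMP into a module that lives in the hooked process's own install directory (here xul.dll beside firefox.exe), a JMP into a foreign module, or a one-byte [C3] patch of ntdll!DbgUiRemoteBreakin, 0xC3 being the x86 RET opcode and a standard way for a process to prevent a debugger from attaching. The log does not name the driver behind the B873C4xx addresses; the script only shows that all 19 handlers sit within 135 bytes of each other, which is what a single hooking driver rather than several would produce. The function names (`parse_gmer`, `classify_inline`, `triage`) are this example's own.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Constructed input: the SSDT and user-code entries copied from the GMER log
# above, one entry per line with GMER's column padding collapsed to one space.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT B873C4B4 ZwClose
SSDT B873C46E ZwCreateKey
SSDT B873C4BE ZwCreateSection
SSDT B873C464 ZwCreateThread
SSDT B873C473 ZwDeleteKey
SSDT B873C47D ZwDeleteValueKey
SSDT B873C4AF ZwDuplicateObject
SSDT B873C482 ZwLoadKey
SSDT B873C450 ZwOpenProcess
SSDT B873C455 ZwOpenThread
SSDT B873C4D7 ZwQueryValueKey
SSDT B873C48C ZwReplaceKey
SSDT B873C4C8 ZwRequestWaitReplyPort
SSDT B873C487 ZwRestoreKey
SSDT B873C4C3 ZwSetContextThread
SSDT B873C4CD ZwSetSecurityObject
SSDT B873C478 ZwSetValueKey
SSDT B873C4D2 ZwSystemDebugControl
SSDT B873C45F ZwTerminateProcess
---- User code sections - GMER 1.0.15 ----
.text F:\Program Files\Mozilla Firefox\firefox.exe[2416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01229720 F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text F:\Program Files\Mozilla Firefox\firefox.exe[2416] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0145E21B F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text F:\Program Files\Mozilla Firefox\firefox.exe[2416] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0145E1F4 F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text F:\Program Files\Mozilla Firefox\firefox.exe[2416] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0145E17E F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3264] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 1 Byte [C3]
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT (?P<addr>[0-9A-F]{8}) (?P<func>\w+)$")
INLINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>[\w.]+)!(?P<func>\w+) "
    r"(?P<addr>[0-9A-F]{8}) (?P<len>\d+) Bytes? (?P<rest>.+)$")
JMP_RE = re.compile(r"^JMP (?P<target>[0-9A-F]{8}) (?P<path>.+?)(?: \((?P<vendor>.*)\))?$")
PATCH_RE = re.compile(r"^\[(?P<bytes>[0-9A-F ]+)\]$")


@dataclass
class InlineHook:
    process: str                          # hooked process image path
    pid: int
    function: str                         # e.g. "ntdll.dll!LdrLoadDll"
    address: int                          # patched address inside the hooked module
    target_module: Optional[str] = None   # JMP destination module, None for a byte patch
    patch: Optional[bytes] = None         # raw bytes of a "[C3]"-style patch


def parse_gmer(text):
    """Return ([(handler_address, function)], [InlineHook]) from GMER log text."""
    ssdt, inline, section = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif section == "System" and (m := SSDT_RE.match(line)):
            ssdt.append((int(m["addr"], 16), m["func"]))
        elif section == "User code sections" and (m := INLINE_RE.match(line)):
            hook = InlineHook(m["proc"], int(m["pid"]), f"{m['mod']}!{m['func']}", int(m["addr"], 16))
            if j := JMP_RE.match(m["rest"]):
                hook.target_module = j["path"]
            elif p := PATCH_RE.match(m["rest"]):
                hook.patch = bytes.fromhex(p["bytes"].replace(" ", ""))
            inline.append(hook)
    return ssdt, inline


def ssdt_address_span(ssdt):
    """Lowest and highest SSDT handler address and their distance in bytes."""
    addrs = [a for a, _ in ssdt]
    return min(addrs), max(addrs), max(addrs) - min(addrs)


def classify_inline(hook):
    """Label a user-mode hook the way a triager would read it."""
    if hook.patch is not None:
        if hook.function == "ntdll.dll!DbgUiRemoteBreakin" and hook.patch == b"\xc3":
            return "anti-debug: DbgUiRemoteBreakin replaced with RET (0xC3), blocks debugger attach"
        return f"byte patch {hook.patch.hex()} at {hook.address:08X}"
    if hook.target_module is None:
        return "unparsed hook"
    proc_dir, target = PureWindowsPath(hook.process).parent, PureWindowsPath(hook.target_module)
    if target.parent == proc_dir:   # PureWindowsPath compares case-insensitively
        return f"self-hook: JMP into {target.name} in the process's own install directory"
    return f"cross-module hook: JMP into {hook.target_module}"


def triage(text):
    """One summary line for the SSDT hooks, then one line per user-mode hook."""
    ssdt, inline = parse_gmer(text)
    lo, hi, span = ssdt_address_span(ssdt)
    lines = [f"{len(ssdt)} SSDT hooks in {lo:08X}-{hi:08X} ({span} bytes apart)"]
    return lines + [f"{h.process}[{h.pid}] {h.function}: {classify_inline(h)}" for h in inline]


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

Running it prints the SSDT summary followed by four "self-hook" lines for firefox.exe and the anti-debug line for KiesPDLR.exe. To triage a real report, read the saved GMER log into `triage()` in place of `SAMPLE_LOG`; any "cross-module hook" result, or a byte patch in a process that is not a known anti-debug user, is what to look at first.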