GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-17 19:56:58
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD103SJ rev.1AJ10001
Running: yfguow1n.exe; Driver: F:\DOCUME~1\kkkk\USTAWI~1\Temp\pxtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT F7A954DC ZwClose
SSDT F7A95496 ZwCreateKey
SSDT F7A954E6 ZwCreateSection
SSDT F7A9548C ZwCreateThread
SSDT F7A9549B ZwDeleteKey
SSDT F7A954A5 ZwDeleteValueKey
SSDT F7A954D7 ZwDuplicateObject
SSDT F7A954AA ZwLoadKey
SSDT F7A95478 ZwOpenProcess
SSDT F7A9547D ZwOpenThread
SSDT F7A954B4 ZwReplaceKey
SSDT F7A954AF ZwRestoreKey
SSDT F7A954EB ZwSetContextThread
SSDT F7A954A0 ZwSetValueKey
SSDT F7A95487 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys Nie można odnaleźć określonego pliku. !
.text F:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF44D6000, 0x223937, 0xE8000020]
? F:\ComboFix\catchme.sys Nie można odnaleźć określonego pliku. !
? F:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text F:\Program Files\Mozilla Firefox\firefox.exe[3908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0126C930 F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text F:\Program Files\Mozilla Firefox\firefox.exe[3908] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0149E0AA F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text F:\Program Files\Mozilla Firefox\firefox.exe[3908] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0149E083 F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text F:\Program Files\Mozilla Firefox\firefox.exe[3908] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0149E00D F:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\USB_RNDIS \Device\{14349AFF-8444-4425-AA34-FB22A989B6BF} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----