GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-12 14:48:29
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 ST380811AS rev.3.AAE
Running: pupggppx.exe; Driver: C:\DOCUME~1\0wocowka\USTAWI~1\Temp\kxriiaow.sys

---- System - GMER 1.0.15 ----

SSDT F7E9BFDC ZwClose
SSDT F7E9BF96 ZwCreateKey
SSDT F7E9BFE6 ZwCreateSection
SSDT F7E9BF8C ZwCreateThread
SSDT F7E9BF9B ZwDeleteKey
SSDT F7E9BFA5 ZwDeleteValueKey
SSDT F7E9BFD7 ZwDuplicateObject
SSDT F7E9BFAA ZwLoadKey
SSDT F7E9BF78 ZwOpenProcess
SSDT F7E9BF7D ZwOpenThread
SSDT F7E9BFB4 ZwReplaceKey
SSDT F7E9BFAF ZwRestoreKey
SSDT F7E9BFEB ZwSetContextThread
SSDT F7E9BFA0 ZwSetValueKey
SSDT F7E9BF87 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6BD3360, 0x24526E, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xF4711A80]
init C:\WINDOWS\System32\atkosdmini.dll entry point in "init" section [0xBF04E480]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011A696F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2356] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 01450240 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2356] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 01450219 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2356] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 014501A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 1065FB5F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 1065FAEE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1043A76C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1043AD79 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [548] 0x45670000
Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1116] 0x45670000
Library c:\windows\system32\n (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\plugin-container.exe [2796] 0x45670000

---- EOF - GMER 1.0.15 ----