GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-29 12:11:36
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJS-00PSA0 rev.05.06H05
Running: s5ngbuc8.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pwriypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.xreloc   C:\WINDOWS\system32\drivers\sfsync04.sys   unknown last section [0xF750E000, 0xC0A, 0x40000040]
.sfreloc  C:\WINDOWS\system32\drivers\sfsync03.sys   unknown last section [0xF767D000, 0xA20, 0x40000040]
.text     C:\WINDOWS\system32\DRIVERS\nv4_mini.sys   section is writeable [0xF6BB5360, 0x3E57A5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Real\RealPlayer\update\realsched.exe[1992]  kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3196]  ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 0117B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3196]  kernel32.dll!lstrlenW + 43  7C809ADC 7 Bytes  JMP 0142B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3196]  kernel32.dll!MapViewOfFileEx + 6A  7C80B990 7 Bytes  JMP 0142B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3196]  GDI32.dll!SetDIBitsToDevice + 209  77F19E04 7 Bytes  JMP 0142B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device  \Driver\atapi   \Device\Ide\IdeDeviceP0T0L0-3   sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi   \Device\Ide\IdePort0            sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi   \Device\Ide\IdePort1            sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi   \Device\Ide\IdePort2            sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi   \Device\Ide\IdePort3            sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi   \Device\Ide\IdeDeviceP2T0L0-12  sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\usbstor \Device\00000068                sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\usbstor \Device\0000006b                sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\usbstor \Device\0000006c                sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\usbstor \Device\0000006d                sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\usbstor \Device\0000006e                sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- EOF - GMER 1.0.15 ----
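The three GMER sections above each have a fixed line layout: kernel entries are "section  path  finding [base, size, characteristics]", user entries are "section  process[pid]  module!function[ + offset]  address  N Bytes  patch", and device entries are "Device  driver  device-object  attached-driver (vendor)". The script below is an added example, written for this page; it is not GMER's code and not part of the log poster's post. It parses lines copied from the log above, decodes the characteristics value with the winnt.h IMAGE_SCN_* bits, and applies triage heuristics that are this example's own assumptions, not GMER verdicts: a JMP into a DLL that lives in the hooked process's own install directory (the Firefox hooks into xul.dll) is labelled a self-hook, an in-place byte patch (the realsched.exe SetUnhandledExceptionFilter stub) is marked for review, a kernel section that is both writable and code (nv4_mini.sys, 0xE8000020) is called out, and device attachments are counted per driver so the eleven sfsync03.sys entries collapse to one number.

```python
"""Triage helper for GMER log entries. Added example, not GMER's own code; the
verdict labels below are this example's own heuristics, not GMER output."""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# winnt.h IMAGE_SCN_* bits; GMER prints the characteristics as the third
# value of its [base, size, characteristics] triple.
SCN_FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x08000000: "MEM_NOT_PAGED",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}

KERNEL_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<path>.+?)\s+(?P<finding>unknown last section|section is writeable)"
    r"\s+\[(?P<base>0x[0-9A-Fa-f]+), (?P<size>0x[0-9A-Fa-f]+), (?P<chars>0x[0-9A-Fa-f]+)\]$")
USER_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<func>\w+)"
    r"(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+(?P<patch>.+)$")
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<target_path>.+?)(?:\s+\((?P<vendor>[^()]*)\))?$")
BYTES_RE = re.compile(r"^\[(?P<bytes>[0-9A-Fa-f ,]+)\](?:\s+\{(?P<disasm>.*)\})?$")
DEVICE_RE = re.compile(r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<attached>\S+)(?:\s+\((?P<vendor>.*)\))?$")


@dataclass
class KernelFinding:
    section: str
    path: str
    finding: str
    base: int
    size: int
    flags: List[str]

    def writable_code(self) -> bool:
        # Code that stays writable at runtime is what an in-place kernel patch needs.
        return "MEM_WRITE" in self.flags and ("CNT_CODE" in self.flags or "MEM_EXECUTE" in self.flags)


@dataclass
class UserHook:
    process: str
    pid: int
    symbol: str                 # module!function[+offset]
    address: int
    nbytes: int
    target_path: Optional[str]  # module a JMP lands in; None for an in-place byte patch
    detail: str                 # vendor string for a JMP, GMER's disassembly for a byte patch

    def verdict(self) -> str:
        # Heuristic (this example's assumption): a JMP into a DLL in the hooked
        # process's own install directory is an application hooking itself.
        if self.target_path is None:
            return "inline patch: review"
        if ntpath.dirname(self.target_path).lower() == ntpath.dirname(self.process).lower():
            return "self-hook: likely benign"
        return "cross-module hook: review"


def decode_section_flags(chars: int) -> List[str]:
    return [name for bit, name in sorted(SCN_FLAGS.items()) if chars & bit]


def parse_kernel_finding(line: str) -> Optional[KernelFinding]:
    m = KERNEL_RE.match(line)
    if not m:
        return None
    return KernelFinding(m["section"], m["path"], m["finding"], int(m["base"], 16),
                         int(m["size"], 16), decode_section_flags(int(m["chars"], 16)))


def parse_user_hook(line: str) -> Optional[UserHook]:
    m = USER_RE.match(line)
    if not m:
        return None
    symbol = m["module"] + "!" + m["func"] + ("+" + m["offset"] if m["offset"] else "")
    common = (m["process"], int(m["pid"]), symbol, int(m["addr"], 16), int(m["nbytes"]))
    j = JMP_RE.match(m["patch"])
    if j:
        return UserHook(*common, j["target_path"], j["vendor"] or "")
    b = BYTES_RE.match(m["patch"])
    return UserHook(*common, None, (b["disasm"] or "") if b else m["patch"])


def triage(log_text: str) -> dict:
    """Bucket every parsable entry; section headers and the EOF line match nothing."""
    result = {"kernel": [], "user": [], "devices": Counter()}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (k := parse_kernel_finding(line)) is not None:
            result["kernel"].append(k)
        elif (u := parse_user_hook(line)) is not None:
            result["user"].append(u)
        elif (d := DEVICE_RE.match(line)) is not None:
            result["devices"][d["attached"]] += 1
    return result


# Lines copied from the GMER log above (column padding collapsed to single spaces).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF750E000, 0xC0A, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6BB5360, 0x3E57A5, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1992] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3196] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0117B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3196] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 0142B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000068 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for k in r["kernel"]:
        print(f"{k.path}: {k.finding}, {'|'.join(k.flags)}, writable code={k.writable_code()}")
    for h in r["user"]:
        print(f"{h.process}[{h.pid}] {h.symbol} @ {h.address:08X}: {h.verdict()} ({h.detail})")
    for drv, n in r["devices"].items():
        print(f"{drv} attached to {n} device object(s)")
```

The self-hook rule is deliberately narrow: it only downgrades a JMP whose target module sits beside the hooked executable, which covers the xul.dll entries here but still surfaces the realsched.exe patch (five bytes replacing SetUnhandledExceptionFilter with `xor eax, eax; ret 4`, i.e. the function always returns NULL) for a human to decide on. The StarForce entries need no special case in the parser; the per-driver count already shows that one third-party driver is attached to every ATAPI and USB storage device object, which is the fact worth checking against what the machine is expected to have installed.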