GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-26 15:32:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVT-60ZCT1 rev.13.01A13
Running: zk3oxui4.exe; Driver: C:\Users\Corinna\AppData\Local\Temp\axliafod.sys

---- System - GMER 1.0.15 ----

SSDT 89B1DE8E ZwCreateSection
SSDT 89B1DE98 ZwRequestWaitReplyPort
SSDT 89B1DE93 ZwSetContextThread
SSDT 89B1DE9D ZwSetSecurityObject
SSDT 89B1DEA2 ZwSystemDebugControl
SSDT 89B1DE2F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81EB08D8 4 Bytes [8E, DE, B1, 89] {MOV DS, SI; MOV CL, 0x89}
.text ntkrnlpa.exe!KeSetEvent + 539 81EB0BFC 4 Bytes [98, DE, B1, 89]
.text ntkrnlpa.exe!KeSetEvent + 56D 81EB0C30 4 Bytes [93, DE, B1, 89]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81EB0C94 4 Bytes [9D, DE, B1, 89]
.text ntkrnlpa.exe!KeSetEvent + 619 81EB0CDC 4 Bytes [A2, DE, B1, 89]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3296] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 6756FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3296] kernel32.dll!MapViewOfFile 76036B10 5 Bytes JMP 6781079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3296] kernel32.dll!VirtualAlloc 7603AF75 5 Bytes JMP 678107C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3296] USER32.dll!GetWindowInfo 772A428E 5 Bytes JMP 676F29CB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3296] GDI32.dll!CreateDIBSection 76C27461 5 Bytes JMP 67810728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----