GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-31 22:22:57
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST313021A rev.3.32
Running: zxruk960.exe; Driver: C:\DOCUME~1\Jaro\USTAWI~1\Temp\pgtdypoc.sys

---- System - GMER 1.0.15 ----

SSDT  F8B3006C  ZwClose
SSDT  F8B30026  ZwCreateKey
SSDT  F8B30076  ZwCreateSection
SSDT  F8B3001C  ZwCreateThread
SSDT  F8B3002B  ZwDeleteKey
SSDT  F8B30035  ZwDeleteValueKey
SSDT  F8B30067  ZwDuplicateObject
SSDT  F8B3003A  ZwLoadKey
SSDT  F8B30008  ZwOpenProcess
SSDT  F8B3000D  ZwOpenThread
SSDT  F8B3008F  ZwQueryValueKey
SSDT  F8B30044  ZwReplaceKey
SSDT  F8B30080  ZwRequestWaitReplyPort
SSDT  F8B3003F  ZwRestoreKey
SSDT  F8B3007B  ZwSetContextThread
SSDT  F8B30085  ZwSetSecurityObject
SSDT  F8B30030  ZwSetValueKey
SSDT  F8B3008A  ZwSystemDebugControl
SSDT  F8B30017  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xF7F1A360, 0x24BB1D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[3404] ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 01455B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3404] kernel32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 01697B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3404] kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 1 Byte  [E9]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3404] kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 7 Bytes  JMP 01697B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3404] kernel32.dll!ValidateLocale + B138  7C844930 7 Bytes  JMP 0145EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3404] GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 01697AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3424] USER32.dll!DefWindowProcA + 11A  7E37C298 7 Bytes  JMP 105DAAB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3424] USER32.dll!SetWindowLongA + 19  7E37C2B6 7 Bytes  JMP 105DAA3F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3424] USER32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 10424559 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3424] USER32.dll!GetMenuContextHelpId + 1A  7E3B5319 7 Bytes  JMP 10424BB1 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x0E 0x96 0xA7 0xD5 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x0E 0x96 0xA7 0xD5 ...

---- EOF - GMER 1.0.15 ----