GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-23 23:57:18
Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_SP2504C rev.VT100-50 232,89GB
Running: 59cz6vqx.exe; Driver: C:\Users\Piotrek\AppData\Local\Temp\kwddyfow.sys

---- System - GMER 2.1 ----

SSDT 8D9F1E87 ZwTerminateProcess
SSDT 8D9F1EFA ZwSystemDebugControl
SSDT 8D9F1EF5 ZwSetSecurityObject
SSDT 8D9F1EEB ZwSetContextThread
SSDT 8D9F1EF0 ZwRequestWaitReplyPort
SSDT 8D9F1EE6 ZwCreateSection

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwReplacePartitionUnit + 2697 813AF339 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 66A 813B3D3A 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text C:\ProgramData\eSafe\eGdpSvc.exe[1376] ntdll.dll!DbgBreakPoint 77D6125C 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2472] ntdll.dll!RtlInitializeGenericTable + 39 77D99F3A 7 Bytes JMP 61D76D70 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2472] KERNEL32.DLL!GetCurrentThread + 6 7599158B 7 Bytes JMP 620CD736 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2472] KERNEL32.DLL!TermsrvGetWindowsDirectoryW + 16 7599280D 7 Bytes JMP 620CD713 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2472] KERNEL32.DLL!BaseIsAppcompatInfrastructureDisabledWorker + 9C 7599589C 7 Bytes JMP 61D91C62 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2472] GDI32.dll!SetWindowOrgEx + 3B2 76158E18 7 Bytes JMP 620CD694 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -954664148
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{A97DB40D-99D8-11E2-AF9C-806E6F6E6963} 476622304

---- EOF - GMER 2.1 ----