GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-07 13:20:38
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\00000060 SAMSUNG_HD322HJ rev.1AC01113
Running: cks3qmll.exe; Driver: C:\DOCUME~1\BEATA\USTAWI~1\Temp\uxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT BA6D9A74 ZwClose
SSDT BA6D9A2E ZwCreateKey
SSDT BA6D9A7E ZwCreateSection
SSDT BA6D9A24 ZwCreateThread
SSDT BA6D9A33 ZwDeleteKey
SSDT BA6D9A3D ZwDeleteValueKey
SSDT BA6D9A6F ZwDuplicateObject
SSDT BA6D9A42 ZwLoadKey
SSDT BA6D9A10 ZwOpenProcess
SSDT BA6D9A15 ZwOpenThread
SSDT BA6D9A4C ZwReplaceKey
SSDT BA6D9A47 ZwRestoreKey
SSDT BA6D9A83 ZwSetContextThread
SSDT BA6D9A38 ZwSetValueKey
SSDT BA6D9A1F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9564380, 0x2F2FC7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01221B30 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3544] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 106B66DC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3544] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 106B666E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3544] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1044A4E7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3544] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1044AABD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----