GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-20 21:00:40
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01
Running: gmer.exe; Driver: C:\Users\cziken\AppData\Local\Temp\kglyrpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\tos_sps32.sys  section is writeable [0x89E12000, 0x4036D, 0xE8000020]
.dsrt  C:\Windows\system32\DRIVERS\tos_sps32.sys  unknown last section [0x89E5B000, 0x510, 0x40000040]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[1604] ntdll.dll!LdrLoadDll  77BCEB00 5 Bytes  JMP 6F72B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1604] kernel32.dll!ActivateActCtx + 2C  76537379 7 Bytes  JMP 6F9DB6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1604] kernel32.dll!VirtualAllocEx + 54  76559BC5 7 Bytes  JMP 6F9DB6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1604] USER32.dll!GetWindowInfo  766000DB 5 Bytes  JMP 6F8B2BD4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1604] GDI32.dll!SetTextAlign + E6  77987EEF 7 Bytes  JMP 6F9DB653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic Framework/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic Framework/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp  Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp  Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp  Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F25BF62-6CDE-4F7B-A15A-BF7D850AE0A0}@LeaseObtainedTime  1342806532
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F25BF62-6CDE-4F7B-A15A-BF7D850AE0A0}@T1  1342808332
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F25BF62-6CDE-4F7B-A15A-BF7D850AE0A0}@T2  1342809682
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F25BF62-6CDE-4F7B-A15A-BF7D850AE0A0}@LeaseTerminatesTime  1342810132

---- EOF - GMER 1.0.15 ----
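Added triage example (not GMER code and not part of the posted log): the script below parses the four entry kinds that appear in this log (kernel code sections, user-mode inline hooks, AttachedDevice filters, Reg values) and applies the checks a reviewer would run by hand. A hook is marked "self" when the JMP target module lives in the hooked process's own directory (xul.dll hooking ntdll/kernel32 inside firefox.exe), otherwise "review"; a kernel section reported writeable with the execute bit set is marked "review"; section characteristics are decoded with the standard PE IMAGE_SCN_* constants; and the Tcpip DHCP values are decoded from Unix epoch seconds to show they are an ordinary one-hour lease. The sample lines are copied from the log above, except the one marked CONSTRUCTED, which is a made-up entry added only so the "review" branch is exercised.

```python
import re
from datetime import datetime, timezone
from pathlib import PureWindowsPath

# Sample input: lines copied from the GMER log above, plus one CONSTRUCTED
# hook line (fake path, zero addresses) that is not from the log.
SAMPLE_LOG = r"""
.text  C:\Windows\system32\DRIVERS\tos_sps32.sys  section is writeable [0x89E12000, 0x4036D, 0xE8000020]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1604] ntdll.dll!LdrLoadDll  77BCEB00 5 Bytes  JMP 6F72B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1604] kernel32.dll!VirtualAllocEx + 54  76559BC5 7 Bytes  JMP 6F9DB6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1604] kernel32.dll!CreateFileW  00000000 5 Bytes  JMP 00000000 C:\constructed\example_hook.dll (CONSTRUCTED)
AttachedDevice  \Driver\tdx \Device\Tcp  Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F25BF62-6CDE-4F7B-A15A-BF7D850AE0A0}@LeaseObtainedTime  1342806532
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F25BF62-6CDE-4F7B-A15A-BF7D850AE0A0}@LeaseTerminatesTime  1342810132
"""

KERNEL_RE = re.compile(
    r"^\.(?P<section>\w+)\s+(?P<driver>\S+)\s+(?P<finding>section is writeable|unknown last section)"
    r"\s+\[(?P<base>0x[0-9A-Fa-f]+), (?P<size>0x[0-9A-Fa-f]+), (?P<chars>0x[0-9A-Fa-f]+)\]$")
HOOK_RE = re.compile(
    r"^\.(?P<section>\w+)\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<export>\S+(?: \+ [0-9A-Fa-f]+)?)\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+) Bytes\s+"
    r"JMP (?P<target>[0-9A-Fa-f]+)\s+(?P<module>.+?)(?: \((?P<vendor>[^)]*)\))?$")
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+(?P<filter>\S+)\s+\((?P<desc>[^)]*)\)$")
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+)@(?P<value>\S+)\s+(?P<data>\S+)$")

# PE section characteristic bits (IMAGE_SCN_* from winnt.h).
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x04000000: "IMAGE_SCN_MEM_NOT_CACHED", 0x08000000: "IMAGE_SCN_MEM_NOT_PAGED",
    0x10000000: "IMAGE_SCN_MEM_SHARED", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
# DHCP client values under Tcpip\Parameters\Interfaces\{GUID} that hold epoch seconds.
DHCP_TIME_VALUES = {"LeaseObtainedTime", "T1", "T2", "LeaseTerminatesTime"}


def decode_section_flags(chars):
    """Names of the IMAGE_SCN_* bits set in a section's characteristics word."""
    return [name for bit, name in sorted(SECTION_FLAGS.items()) if chars & bit]


def parse_line(line):
    """Return a dict describing one GMER entry, or None for headers/blank lines."""
    m = KERNEL_RE.match(line)
    if m:
        d = dict(m.groupdict(), kind="kernel_section")
        d["flags"] = decode_section_flags(int(d["chars"], 16))
        return d
    m = HOOK_RE.match(line)
    if m:
        d = dict(m.groupdict(), kind="user_hook")
        d["pid"] = int(d["pid"])
        return d
    m = DEVICE_RE.match(line)
    if m:
        d = dict(m.groupdict(), kind="attached_device")
        desc, sep, vendor = d["desc"].rpartition("/")   # "description/vendor"
        d["description"], d["vendor"] = (desc, vendor) if sep else (vendor, "")
        return d
    m = REG_RE.match(line)
    if m:
        d = dict(m.groupdict(), kind="registry")
        if d["value"] in DHCP_TIME_VALUES and d["data"].isdigit():
            d["utc"] = datetime.fromtimestamp(int(d["data"]), tz=timezone.utc)
        return d
    return None


def parse_log(text):
    return [e for e in (parse_line(l.strip()) for l in text.splitlines()) if e]


def verdict(entry):
    """'self': hook target is in the hooked process's own directory; 'review': look closer."""
    if entry["kind"] == "user_hook":
        same_dir = PureWindowsPath(entry["module"]).parent == PureWindowsPath(entry["proc"]).parent
        return "self" if same_dir else "review"
    if entry["kind"] == "kernel_section":
        # Writable + executable code in a kernel driver: verify the file's signature and hash.
        writable_code = entry["finding"] == "section is writeable" and "IMAGE_SCN_MEM_EXECUTE" in entry["flags"]
        return "review" if writable_code else "info"
    return "info"   # filter drivers and DHCP lease values are expected noise


def lease_summary(entries):
    """Per interface GUID: decoded DHCP times and the lease length in seconds."""
    per_iface = {}
    for e in entries:
        if e["kind"] == "registry" and "utc" in e:
            per_iface.setdefault(e["key"].rsplit("\\", 1)[-1], {})[e["value"]] = e["utc"]
    return {
        g: dict(t, lease_seconds=int((t["LeaseTerminatesTime"] - t["LeaseObtainedTime"]).total_seconds()))
        for g, t in per_iface.items() if {"LeaseObtainedTime", "LeaseTerminatesTime"} <= t.keys()
    }


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        print(f"{verdict(e):7} {e['kind']:16} {e.get('export') or e.get('driver') or e.get('value')}")
    print(lease_summary(entries))
```

The "self" rule is a heuristic for a first pass, not a clean bill of health: a module planted in the application's own directory would also pass it, so anything still marked "review" (and, on a system where the hooks are unexpected, the "self" targets too) should be confirmed by hash and Authenticode signature before the log is declared clean.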