GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-28 13:50:52
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD800JB-00JJA0 rev.05.01C05
Running: mgjjlji5.exe; Driver: C:\DOCUME~1\kuba\USTAWI~1\Temp\pwtdipod.sys


---- System - GMER 1.0.15 ----

SSDT  F7E9F47C  ZwClose
SSDT  F7E9F436  ZwCreateKey
SSDT  F7E9F486  ZwCreateSection
SSDT  F7E9F42C  ZwCreateThread
SSDT  F7E9F43B  ZwDeleteKey
SSDT  F7E9F445  ZwDeleteValueKey
SSDT  F7E9F477  ZwDuplicateObject
SSDT  F7E9F44A  ZwLoadKey
SSDT  F7E9F418  ZwOpenProcess
SSDT  F7E9F41D  ZwOpenThread
SSDT  F7E9F454  ZwReplaceKey
SSDT  F7E9F44F  ZwRestoreKey
SSDT  F7E9F48B  ZwSetContextThread
SSDT  F7E9F440  ZwSetValueKey
SSDT  F7E9F427  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xF722A000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[1608] ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 01455B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1608] kernel32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 01697B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1608] kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 1 Byte  [E9]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1608] kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 7 Bytes  JMP 01697B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1608] kernel32.dll!ValidateLocale + B138  7C844930 7 Bytes  JMP 0145EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1608] GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 01697AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----
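The scan above is a flat listing, so it helps to pull the three kinds of entries it contains (SSDT hooks, a writeable kernel code section, user-mode inline hooks) into a structure and look at what they have in common. The Python below is an added example written for this page; it is not part of the GMER log and not GMER's own code. The sample input is a constructed copy of the entries from the log, the regular expressions assume the line layout GMER 1.0.15 prints, and the summary field names (`ssdt_span`, `hooked_sites`, `unresolved_sites`, and so on) are my own.

```python
"""Parse GMER 1.0.15 hook listings and summarise what the hooks point at."""
import re
from collections import Counter, defaultdict

# Constructed sample: the entries from the GMER log above, one per line.
GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT F7E9F47C ZwClose
SSDT F7E9F436 ZwCreateKey
SSDT F7E9F486 ZwCreateSection
SSDT F7E9F42C ZwCreateThread
SSDT F7E9F43B ZwDeleteKey
SSDT F7E9F445 ZwDeleteValueKey
SSDT F7E9F477 ZwDuplicateObject
SSDT F7E9F44A ZwLoadKey
SSDT F7E9F418 ZwOpenProcess
SSDT F7E9F41D ZwOpenThread
SSDT F7E9F454 ZwReplaceKey
SSDT F7E9F44F ZwRestoreKey
SSDT F7E9F48B ZwSetContextThread
SSDT F7E9F440 ZwSetValueKey
SSDT F7E9F427 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF722A000, 0x1C5D38, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1608] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 01455B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1608] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01697B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1608] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1608] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01697B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1608] kernel32.dll!ValidateLocale + B138 7C844930 7 Bytes JMP 0145EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1608] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01697AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- EOF - GMER 1.0.15 ----
"""

# Line layouts as printed by GMER 1.0.15 (assumption: whitespace-separated fields).
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>\w+)$")
SECTION_RE = re.compile(
    r"^\.text\s+(?P<path>\S+)\s+section is writeable "
    r"\[(?P<base>0x[0-9A-F]+), (?P<size>0x[0-9A-F]+), (?P<flags>0x[0-9A-F]+)\]$")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>\S+?)!(?P<func>\S+?)(?: \+ (?P<off>[0-9A-F]+))?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes?\s+(?P<rest>.*)$")
JMP_RE = re.compile(r"^JMP (?P<dst>[0-9A-F]{8}) (?P<dstmod>.+?)(?: \((?P<vendor>[^()]*)\))?$")


def parse_gmer(text):
    """Return the SSDT, section and user-mode hook entries of a GMER log as dicts."""
    found = {"ssdt": [], "sections": [], "user_hooks": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):      # section headers carry no entries
            continue
        if (m := SSDT_RE.match(line)):
            found["ssdt"].append({"addr": int(m["addr"], 16), "func": m["func"]})
        elif (m := SECTION_RE.match(line)):
            found["sections"].append({"path": m["path"], "base": int(m["base"], 16),
                                      "size": int(m["size"], 16), "flags": int(m["flags"], 16)})
        elif (m := HOOK_RE.match(line)):
            entry = {"proc": m["proc"], "pid": int(m["pid"]), "module": m["mod"],
                     "func": m["func"], "offset": int(m["off"] or "0", 16),
                     "addr": int(m["addr"], 16), "nbytes": int(m["n"]),
                     "dst": None, "dst_module": None, "vendor": None}
            # A "JMP <addr> <module> (<vendor>)" tail means GMER resolved the destination;
            # a raw byte list such as "[E9]" means it only reports the patched opcode.
            if (j := JMP_RE.match(m["rest"])):
                entry.update(dst=int(j["dst"], 16),
                             dst_module=j["dstmod"].rsplit("\\", 1)[-1], vendor=j["vendor"])
            found["user_hooks"].append(entry)
    return found


def summarize(found):
    """Collapse the entries into the facts an analyst checks first."""
    ssdt_addrs = [e["addr"] for e in found["ssdt"]]
    # One hooked site may appear twice (a 1-byte opcode line and a full JMP line), so
    # group by (pid, hooked address) before counting.
    sites = defaultdict(list)
    for e in found["user_hooks"]:
        sites[(e["pid"], e["addr"])].append(e)
    dest = Counter(e["dst_module"] for es in sites.values() for e in es if e["dst_module"])
    unresolved = sorted(f"{es[0]['module']}!{es[0]['func']}" for es in sites.values()
                        if not any(e["dst"] for e in es))
    return {
        "ssdt_count": len(ssdt_addrs),
        # Distance between the lowest and highest SSDT hook target: a small span means
        # every hook lands in one block of stubs, i.e. one driver installed them all.
        "ssdt_span": (max(ssdt_addrs) - min(ssdt_addrs)) if ssdt_addrs else 0,
        "writeable_sections": [s["path"] for s in found["sections"]],
        "hooked_sites": len(sites),
        "dest_modules": dict(dest),
        "unresolved_sites": unresolved,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_gmer(GMER_LOG)).items():
        print(f"{key}: {value}")
```

On this log the summary says: 15 SSDT hooks whose targets all lie within 0x73 bytes of each other, so they belong to one driver (the log prints no module name for them, so the parser reports only the range); one writeable kernel code section (ati2mtag.sys) to review; five distinct hooked sites in firefox.exe[1608], every resolved one jumping into xul.dll in the same process. The `1 Byte [E9]` line is the same site as the 7-byte entry that follows it (E9 is the opcode of a near JMP, so GMER reports the patched first byte and then the decoded jump), which is why the grouping by address leaves no unresolved site.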