GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-06 15:46:18
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS725025A9A364 rev.PC2OC72E 232,89GB
Running: oor0e90e.exe; Driver: C:\DOCUME~1\irena\USTAWI~1\Temp\kxlcrpog.sys

---- System - GMER 2.1 ----

SSDT BA7536AC ZwClose
SSDT BA753666 ZwCreateKey
SSDT BA7536B6 ZwCreateSection
SSDT BA75365C ZwCreateThread
SSDT BA75366B ZwDeleteKey
SSDT BA753675 ZwDeleteValueKey
SSDT BA7536A7 ZwDuplicateObject
SSDT BA75367A ZwLoadKey
SSDT BA753648 ZwOpenProcess
SSDT BA75364D ZwOpenThread
SSDT BA753684 ZwReplaceKey
SSDT BA75367F ZwRestoreKey
SSDT BA7536BB ZwSetContextThread
SSDT BA753670 ZwSetValueKey
SSDT BA753657 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xA989D000, 0x238717, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 01829AE0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] ntdll.dll!NtFlushBuffersFile 7C90D310 5 Bytes JMP 0180C434 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] ntdll.dll!NtQueryFullAttributesFile 7C90D790 5 Bytes JMP 0180C150 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 0180C330 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] ntdll.dll!NtReadFileScatter 7C90D9C0 5 Bytes JMP 0222F60F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 0182A9F0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] ntdll.dll!NtWriteFileGather 7C90DF70 5 Bytes JMP 0222F5BE C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10001F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 02154AC3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 02154AA0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] kernel32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 018263D0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] GDI32.dll!SetDIBitsToDevice + 209 77F19E04 7 Bytes JMP 02154A21 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2012] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 0204B991 C:\Program Files\Mozilla Firefox\xul.dll

---- EOF - GMER 2.1 ----