GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-25 21:28:24
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 GOODRAM_C40 rev.S8FM08.0 223,57GB
Running: km5v74yd.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxldypog.sys

---- System - GMER 2.2 ----

SSDT \SystemRoot\system32\DRIVERS\PSINReg.sys ZwCreateKey [0xB6A746AE]
SSDT \SystemRoot\system32\DRIVERS\PSINReg.sys ZwOpenKey [0xB6A74592]
SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys ZwTerminateProcess [0xB6A907CC]

---- User code sections - GMER 2.2 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10007940 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2984] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 01CF62E2 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2984] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00F046B4 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2984] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 01392730 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2984] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 01CF4848 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10007940 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01AAEA1A C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01AADBE7 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 017F1B09 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01AAD4F6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 026D4840 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 017A46B4 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!CreateWindowExA 7E37E4A9 3 Bytes JMP 01C32730 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!CreateWindowExA + 4 7E37E4AD 1 Byte [83]

---- Devices - GMER 2.2 ----

AttachedDevice \Driver\Tcpip \Device\Ip NNSPihs.sys
AttachedDevice \Driver\Tcpip \Device\Tcp NNSPihs.sys
AttachedDevice \Driver\Tcpip \Device\Udp NNSPihs.sys
AttachedDevice \Driver\Tcpip \Device\RawIp NNSPihs.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{65549CE2-2190-4026-AB59-E298DAA7B811}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{71B9B2D0-4A7B-4121-97F7-023F0BC97403}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{65549CE2-2190-4026-AB59-E298DAA7B811}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{71B9B2D0-4A7B-4121-97F7-023F0BC97403}\0000@D3D_\x3332\x3331 2089309684

---- EOF - GMER 2.2 ----