GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-15 17:22:41
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 ST3160815AS rev.3.AAD
Running: gmer.exe; Driver: C:\DOCUME~1\waldek\USTAWI~1\Temp\pwtdypob.sys

---- System - GMER 1.0.15 ----

SSDT BA69DE24 ZwClose
SSDT BA69DDDE ZwCreateKey
SSDT BA69DE2E ZwCreateSection
SSDT BA69DDD4 ZwCreateThread
SSDT BA69DDE3 ZwDeleteKey
SSDT BA69DDED ZwDeleteValueKey
SSDT BA69DE1F ZwDuplicateObject
SSDT BA69DDF2 ZwLoadKey
SSDT BA69DDC0 ZwOpenProcess
SSDT BA69DDC5 ZwOpenThread
SSDT BA69DE47 ZwQueryValueKey
SSDT BA69DDFC ZwReplaceKey
SSDT BA69DE38 ZwRequestWaitReplyPort
SSDT BA69DDF7 ZwRestoreKey
SSDT BA69DE33 ZwSetContextThread
SSDT BA69DE3D ZwSetSecurityObject
SSDT BA69DDE8 ZwSetValueKey
SSDT BA69DE42 ZwSystemDebugControl
SSDT BA69DDCF ZwTerminateProcess

Code \??\C:\DOCUME~1\waldek\USTAWI~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FC0 8050485C 4 Bytes CALL 990AB23E
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xAD4FBA00]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !
? C:\DOCUME~1\waldek\USTAWI~1\Temp\catchme.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1532] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1532] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 106AC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1532] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1532] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012A2EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----