GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-23 16:07:17
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
Running: gmer.exe; Driver: C:\DOCUME~1\Kamil\USTAWI~1\Temp\uwtdypog.sys

---- System - GMER 1.0.15 ----

SSDT   d347bus.sys (PnP BIOS Extension/ )   ZwClose [0xF74A4818]
SSDT   9CF5A15E   ZwCreateKey
SSDT   d347bus.sys (PnP BIOS Extension/ )   ZwCreatePagingFile [0xF7498A20]
SSDT   9CF5A154   ZwCreateThread
SSDT   9CF5A163   ZwDeleteKey
SSDT   9CF5A16D   ZwDeleteValueKey
SSDT   d347bus.sys (PnP BIOS Extension/ )   ZwEnumerateKey [0xF74992A8]
SSDT   d347bus.sys (PnP BIOS Extension/ )   ZwEnumerateValueKey [0xF74A4910]
SSDT   9CF5A172   ZwLoadKey
SSDT   d347bus.sys (PnP BIOS Extension/ )   ZwOpenKey [0xF74A4794]
SSDT   9CF5A140   ZwOpenProcess
SSDT   9CF5A145   ZwOpenThread
SSDT   d347bus.sys (PnP BIOS Extension/ )   ZwQueryKey [0xF74992C8]
SSDT   d347bus.sys (PnP BIOS Extension/ )   ZwQueryValueKey [0xF74A4866]
SSDT   9CF5A17C   ZwReplaceKey
SSDT   9CF5A177   ZwRestoreKey
SSDT   d347bus.sys (PnP BIOS Extension/ )   ZwSetSystemPowerState [0xF74A40B0]
SSDT   9CF5A168   ZwSetValueKey
SSDT   9CF5A14F   ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

PAGE   ntkrnlpa.exe!ZwResumeThread   805D3148 1 Byte [CC] {INT 3 }
.text  iaStor.sys   F734EB58 1 Byte [CC] {INT 3 }

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[3296] ntdll.dll!LdrLoadDll   7C9161CA 5 Bytes JMP 01255B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3568] USER32.dll!SetWindowLongA   77D3DED3 5 Bytes JMP 106C01A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3568] USER32.dll!SetWindowLongW   77D3DEF1 5 Bytes JMP 106C0135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3568] USER32.dll!GetWindowInfo   77D3F122 5 Bytes JMP 10450924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3568] USER32.dll!TrackPopupMenu   77D84F16 5 Bytes JMP 10450ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device   \FileSystem\Ntfs \Ntfs   85B98620
AttachedDevice   \Driver\Kbdclass \Device\KeyboardClass0   SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice   \Driver\Kbdclass \Device\KeyboardClass1   SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device   \Driver\Cdrom \Device\CdRom0   85B29008
Device   \FileSystem\Rdbss \Device\FsWrap   85948E78
Device   \Driver\atapi \Device\Ide\IdePort0   8581E140
Device   \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3   8581E140
Device   \Driver\Cdrom \Device\CdRom1   85B29008
Device   \FileSystem\Srv \Device\LanmanServer   856A23E0
Device   \FileSystem\MRxSmb \Device\LanmanDatagramReceiver   859486C8
Device   \FileSystem\MRxSmb \Device\LanmanRedirector   859486C8
Device   \FileSystem\Npfs \Device\NamedPipe   858D4CF8
Device   \FileSystem\Msfs \Device\Mailslot   85C270D8
Device   \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0   858612B8
Device   \Driver\d347prt \Device\Scsi\d347prt1   858612B8
Device   \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer   85999178
Device   \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer   85999178
Device   \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer   85999178
Device   \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer   85999178
Device   \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer   85999178
Device   \FileSystem\Cdfs \Cdfs   85590250

---- Modules - GMER 1.0.15 ----

Module   _________   F7324000-F733C000 (98304 bytes)

---- Threads - GMER 1.0.15 ----

Thread   System [4:988]   858A10F4

---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40

---- EOF - GMER 1.0.15 ----