GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-24 16:04:49
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
Running: gmer.exe; Driver: C:\DOCUME~1\Kamil\USTAWI~1\Temp\uwtdypog.sys

---- System - GMER 1.0.15 ----

SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwClose [0xF74A4818]
SSDT  A6BE9E9E  ZwCreateKey
SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwCreatePagingFile [0xF7498A20]
SSDT  A6BE9E94  ZwCreateThread
SSDT  A6BE9EA3  ZwDeleteKey
SSDT  A6BE9EAD  ZwDeleteValueKey
SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwEnumerateKey [0xF74992A8]
SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwEnumerateValueKey [0xF74A4910]
SSDT  A6BE9EB2  ZwLoadKey
SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwOpenKey [0xF74A4794]
SSDT  A6BE9E80  ZwOpenProcess
SSDT  A6BE9E85  ZwOpenThread
SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwQueryKey [0xF74992C8]
SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwQueryValueKey [0xF74A4866]
SSDT  A6BE9EBC  ZwReplaceKey
SSDT  A6BE9EB7  ZwRestoreKey
SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwSetSystemPowerState [0xF74A40B0]
SSDT  A6BE9EA8  ZwSetValueKey
SSDT  A6BE9E8F  ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[3928] ntdll.dll!LdrLoadDll  7C9161CA 5 Bytes  JMP 01255B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[4084] USER32.dll!SetWindowLongA  77D3DED3 5 Bytes  JMP 106C01A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[4084] USER32.dll!SetWindowLongW  77D3DEF1 5 Bytes  JMP 106C0135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[4084] USER32.dll!GetWindowInfo  77D3F122 5 Bytes  JMP 10450924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[4084] USER32.dll!TrackPopupMenu  77D84F16 5 Bytes  JMP 10450ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Ntfs \Ntfs  85BAB628
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device  \Driver\Cdrom \Device\CdRom0  85B10008
Device  \FileSystem\Rdbss \Device\FsWrap  856BD508
Device  \Driver\atapi \Device\Ide\IdePort0  86573008
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3  86573008
Device  \Driver\Cdrom \Device\CdRom1  85B10008
Device  \FileSystem\Srv \Device\LanmanServer  854F4630
Device  \FileSystem\MRxSmb \Device\LanmanDatagramReceiver  85549CB0
Device  \FileSystem\MRxSmb \Device\LanmanRedirector  85549CB0
Device  \FileSystem\Npfs \Device\NamedPipe  85AFE030
Device  \FileSystem\Msfs \Device\Mailslot  85554AF0
Device  \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0  8579DCB8
Device  \Driver\d347prt \Device\Scsi\d347prt1  8579DCB8
Device  \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer  855D7B00
Device  \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer  855D7B00
Device  \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer  855D7B00
Device  \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer  855D7B00
Device  \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer  855D7B00
Device  \FileSystem\Cdfs \Cdfs  85903BE0

---- Modules - GMER 1.0.15 ----

Module  _________  F7324000-F733C000 (98304 bytes)

---- EOF - GMER 1.0.15 ----