GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-27 01:18:25
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\0000005d SAMSUNG_HD103UJ rev.1AA01118
Running: gmer.exe; Driver: C:\DOCUME~1\SysOp\USTAWI~1\Temp\kxtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF75BD818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF75BD7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF75B1A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75B22A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF75BD910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF75BD794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF75B22C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF75BD866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF75BD0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12A 804E4964 2 Bytes [20, 1A] {AND [EDX], BL}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1164] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 1066003B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1164] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 1065FFCA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1164] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1043AEF3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1164] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1043B50D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1812] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011AFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1812] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 014507C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1812] kernel32.dll!MapViewOfFile 7C80B995 5 Bytes JMP 0145079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1812] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 01450728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A45D150
Device \Driver\dtsoftbus01 \Device\00000061 8A1F8F00
Device \Driver\dtsoftbus01 \Device\00000062 8A1F8F00
Device \Driver\Cdrom \Device\CdRom0 8A247238
Device \FileSystem\Rdbss \Device\FsWrap 894A7468
Device \Driver\Cdrom \Device\CdRom1 8A247238
Device \Driver\Cdrom \Device\CdRom2 8A247238
Device \Driver\Cdrom \Device\CdRom3 8A247238
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 8A1F8F00
Device \FileSystem\Srv \Device\LanmanServer 892EC4C8
Device \Driver\nvata \Device\0000005d 8A2473F8
Device \Driver\nvata \Device\0000005e 8A2473F8
Device \Driver\nvata \Device\NvAta0 8A2473F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894A8260
Device \FileSystem\MRxSmb \Device\LanmanRedirector 894A8260
Device \FileSystem\Npfs \Device\NamedPipe 8A1FEDD0
Device \FileSystem\Msfs \Device\Mailslot 894F0220
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 8A3CE0E8
Device \Driver\d347prt \Device\Scsi\d347prt1 8A3CE0E8
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer 894F9680
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 894F9680
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 894F9680
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 894F9680
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 894F9680
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 894F9680
Device \FileSystem\Cdfs \Cdfs 8947CC78

---- EOF - GMER 1.0.15 ----