GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-05 14:40:55
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\0000005c SAMSUNG_HD103UJ rev.1AA01118
Running: gmer.exe; Driver: C:\DOCUME~1\SysOp\USTAWI~1\Temp\kxtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF75BD818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF75BD7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF75B1A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75B22A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF75BD910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF75BD794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF75B22C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF75BD866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF75BD0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12A 804E4984 2 Bytes [20, 1A] {AND [EDX], BL}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011AFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[516] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 014507C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[516] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0145079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[516] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 01450728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1484] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 1066003B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1484] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 1065FFCA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1484] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1043AEF3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1484] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1043B50D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A3E0710
Device \Driver\dtsoftbus01 \Device\00000060 8A222268
Device \Driver\dtsoftbus01 \Device\00000061 8A222268
Device \Driver\Cdrom \Device\CdRom0 8A2334A8
Device \FileSystem\Rdbss \Device\FsWrap 894AD458
Device \Driver\Cdrom \Device\CdRom1 8A2334A8
Device \Driver\Cdrom \Device\CdRom2 8A2334A8
Device \Driver\Cdrom \Device\CdRom3 8A2334A8
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 8A222268
Device \Driver\nvata \Device\0000005c 8A233DF0
Device \FileSystem\Srv \Device\LanmanServer 894B3FB0
Device \Driver\nvata \Device\0000005d 8A233DF0
Device \Driver\nvata \Device\NvAta0 8A233DF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89497EA8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89497EA8
Device \FileSystem\Npfs \Device\NamedPipe 8A311158
Device \FileSystem\Msfs \Device\Mailslot 8A22DC28
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 8A3A5818
Device \Driver\d347prt \Device\Scsi\d347prt1 8A3A5818
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer 894F4798
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 894F4798
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 894F4798
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 894F4798
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 894F4798
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 894F4798
Device \FileSystem\Cdfs \Cdfs 89497030

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40

---- EOF - GMER 1.0.15 ----