GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-07 22:49:03
Windows 5.1.2600 Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC70P
Running: uqgt82df.exe; Driver: C:\DOCUME~1\MJ\USTAWI~1\Temp\kwniafoc.sys


---- System - GMER 1.0.15 ----

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )    ZwClose [0xF7829028]
SSDT            a347bus.sys (Plug and Play BIOS Extension/ )    ZwCreateKey [0xF7828FE0]
SSDT            a347bus.sys (Plug and Play BIOS Extension/ )    ZwCreatePagingFile [0xF781CB00]
SSDT            a347bus.sys (Plug and Play BIOS Extension/ )    ZwEnumerateKey [0xF781D5DC]
SSDT            a347bus.sys (Plug and Play BIOS Extension/ )    ZwEnumerateValueKey [0xF7829120]
SSDT            a347bus.sys (Plug and Play BIOS Extension/ )    ZwOpenFile [0xF781CB40]
SSDT            a347bus.sys (Plug and Play BIOS Extension/ )    ZwOpenKey [0xF7828FA4]
SSDT            a347bus.sys (Plug and Play BIOS Extension/ )    ZwQueryKey [0xF781D5FC]
SSDT            a347bus.sys (Plug and Play BIOS Extension/ )    ZwQueryValueKey [0xF7829076]
SSDT            a347bus.sys (Plug and Play BIOS Extension/ )    ZwSetSystemPowerState [0xF7828550]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[544] USER32.dll!SetWindowLongA    77D3DED3 5 Bytes  JMP 1066003B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[544] USER32.dll!SetWindowLongW    77D3DEF1 5 Bytes  JMP 1065FFCA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[544] USER32.dll!GetWindowInfo     77D3F122 5 Bytes  JMP 1043AEF3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[544] USER32.dll!TrackPopupMenu    77D84F16 5 Bytes  JMP 1043B50D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1552] ntdll.dll!LdrLoadDll                 7C915CBB 5 Bytes  JMP 011AFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1552] kernel32.dll!VirtualAlloc            7C809A61 5 Bytes  JMP 014507C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1552] kernel32.dll!MapViewOfFile           7C80B915 5 Bytes  JMP 0145079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1552] GDI32.dll!CreateDIBSection           77F19AA1 5 Bytes  JMP 01450728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                          8737A260
Device          \FileSystem\Fastfat \FatCdrom                                   868D5FB0
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                         SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                         SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                       aswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
Device          \Driver\Cdrom \Device\CdRom0                                    872BEC40
Device          \FileSystem\Rdbss \Device\FsWrap                                86932420
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                     872BF370
Device          \Driver\atapi \Device\Ide\IdePort0                              872BF370
Device          \Driver\atapi \Device\Ide\IdePort1                              872BF370
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                     872BF370
Device          \Driver\Cdrom \Device\CdRom1                                    872BEC40
Device          \FileSystem\Srv \Device\LanmanServer                            867A3830
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver               86A3D4F0
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                     86A3D4F0
Device          \FileSystem\Npfs \Device\NamedPipe                              86933B80
Device          \FileSystem\Msfs \Device\Mailslot                               86933E40
Device          \Driver\a347scsi \Device\Scsi\a347scsi1                         871CC0D8
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0    871CC0D8
Device          \FileSystem\Fastfat \Fat                                        868D5FB0
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer              86A37A08
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer               86A37A08
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                   86A37A08
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                86A37A08
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer               86A37A08
Device          \FileSystem\Cdfs \Cdfs                                          868A1748

---- Modules - GMER 1.0.15 ----

Module          _________                                                       F7760000-F7778000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg             HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ujdew                                 0x20 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej40                                0x31 0xFA 0xBA 0xFD ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName    Alcohol 120% (Trial Version)
Reg             HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName                Alcohol 120% (Trial Version)

---- EOF - GMER 1.0.15 ----
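Triage of a GMER log like this one comes down to three questions: who owns the SSDT hooks, whether the user-mode `.text` patches jump into a module that belongs to the hooked process, and what the Registry section says about the driver that did the hooking. Here every SSDT entry points into a347bus.sys with an empty vendor field, the a347scsi service and an Alcohol 120% (Trial Version) install appear in the Registry section, and every `.text` hook jumps from a Firefox process into xul.dll in the same Firefox directory; the AttachedDevice entries are labelled by GMER itself as Synaptics and avast drivers. The script below is an added example written for this page, not part of GMER or of the original log post; it parses the GMER 1.0.15 text format and applies those three checks. The `SAMPLE_LOG` is a subset of lines copied from the log above, and the "self-hook" heuristic and the `SSDT_FLAG_THRESHOLD` value are the editor's own triage assumptions, not GMER rules.

```python
"""Parse a GMER 1.0.15 text log and triage its hook entries (added example, not GMER code)."""
import re
from pathlib import PureWindowsPath

# Subset of lines copied from the GMER log above; the full log has more entries per section.
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-07 22:49:03

---- System - GMER 1.0.15 ----

SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwClose [0xF7829028]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwCreateKey [0xF7828FE0]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwOpenKey [0xF7828FA4]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[544] USER32.dll!SetWindowLongA  77D3DED3 5 Bytes  JMP 1066003B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1552] ntdll.dll!LdrLoadDll  7C915CBB 5 Bytes  JMP 011AFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName  Alcohol 120% (Trial Version)

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
# "SSDT <driver> (<description>/<vendor>) <ZwService> [0x<addr>]"
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+\((.*?)/(.*?)\)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
# ".text <process>[pid] <dll!Api> <addr> <n> Bytes JMP <target> <module> (<vendor>)"
TEXT_RE = re.compile(r"^\.text\s+(.+?\.exe)\[(\d+)\]\s+(\S+!\S+)\s+([0-9A-Fa-f]+)\s+(\d+) Bytes\s+"
                     r"JMP\s+([0-9A-Fa-f]+)\s+(.+?\.(?:dll|exe))\s*(?:\((.*?)\))?")
REG_RE = re.compile(r"^Reg\s+(\S+)(?:\s+(.*))?$")
SSDT_FLAG_THRESHOLD = 3  # assumption: this many hooks from one vendor-less driver is worth a look


def parse_gmer(text):
    """Return (header_lines, entries); each entry is a dict keyed by its GMER record kind."""
    section, header, entries = None, [], []
    for line in (l.rstrip() for l in text.splitlines()):
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section is None:
            header.append(line)
        elif m := SSDT_RE.match(line):
            entries.append({"kind": "SSDT", "driver": m[1], "description": m[2].strip(),
                            "vendor": m[3].strip(), "service": m[4], "address": int(m[5], 16)})
        elif m := TEXT_RE.match(line):
            entries.append({"kind": "text", "process": m[1], "pid": int(m[2]), "api": m[3],
                            "hook_addr": int(m[4], 16), "patch_len": int(m[5]),
                            "target_addr": int(m[6], 16), "target_module": m[7],
                            "target_vendor": (m[8] or "").strip()})
        elif m := REG_RE.match(line):
            entries.append({"kind": "Reg", "key": m[1], "value": (m[2] or "").strip()})
        else:
            entries.append({"kind": line.split()[0], "raw": line})
    return header, entries


def triage_ssdt(entries):
    """Group SSDT hooks by owning driver; flag a vendor-less driver hooking many services."""
    by_driver = {}
    for e in (e for e in entries if e["kind"] == "SSDT"):
        d = by_driver.setdefault(e["driver"], {"vendor": e["vendor"], "services": []})
        d["services"].append(e["service"])
    for d in by_driver.values():
        d["count"] = len(d["services"])
        d["flag"] = d["vendor"] == "" and d["count"] >= SSDT_FLAG_THRESHOLD
    return by_driver


def triage_user_hooks(entries):
    """A .text hook whose JMP target lives in the hooked process's own directory is a
    self-hook (browsers and AV do this); a target elsewhere is a cross-module hook."""
    return [{**e, "self_hook": PureWindowsPath(e["process"]).parent
                               == PureWindowsPath(e["target_module"]).parent}
            for e in entries if e["kind"] == "text"]


def registry_context(entries):
    """Pull service names and installed-product names out of the Registry section."""
    services, products = set(), set()
    for e in (e for e in entries if e["kind"] == "Reg"):
        if m := re.search(r"\\Services\\([^\\@]+)", e["key"]):
            services.add(m.group(1))
        if e["key"].endswith(("@DisplayName", "@ProductName")):
            products.add(e["value"])
    return {"services": sorted(services), "products": sorted(products)}


def triage(text):
    _, entries = parse_gmer(text)
    return {"ssdt": triage_ssdt(entries), "user_hooks": triage_user_hooks(entries),
            "registry": registry_context(entries)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against the full log, the SSDT table collapses to one driver (a347bus.sys, ten services, no vendor string) that you then read alongside the a347scsi service key and the Alcohol 120% product entries, and all eight `.text` records come back as self-hooks; anything that did not collapse that neatly is where manual work starts.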