GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-28 20:02:11
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 FUJITSU_MHV2060AT_PL rev.008300A1 55,89GB
Running: 1in31wz5.exe; Driver: C:\DOCUME~1\Marek\USTAWI~1\Temp\awrdypod.sys

---- Kernel code sections - GMER 2.1 ----

.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF834E000, 0xC0A, 0x40000040]
? System nie może odnaleźć określonej ścieżki. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 018DA210 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 018BEB90 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 018D9C70 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 018BEC80 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 021D4CE1 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 018DACB0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 021D4C90 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 02141D0E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 02141CEB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 018D6A9C C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 02141C6C C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3940] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 020478E5 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 82BED1AC
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys
Device \Driver\Cdrom \Device\CdRom0 828888D0
Device \FileSystem\Rdbss \Device\FsWrap 827BD364
Device \Driver\Cdrom \Device\CdRom1 828888D0
Device \Driver\atapi \Device\Ide\IdePort0 8288EB38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8288EB38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8288EB38
Device \Driver\Cdrom \Device\CdRom2 828888D0
Device \FileSystem\Srv \Device\LanmanServer 828ABCF4
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 828878DC
Device \FileSystem\MRxSmb \Device\LanmanRedirector 828878DC
Device \FileSystem\Npfs \Device\NamedPipe 827CFD04
Device \FileSystem\Msfs \Device\Mailslot 82884A4C
Device \Driver\d343port \Device\Scsi\d343port1 827CFBB0
Device \Driver\d343port \Device\Scsi\d343port1Port1Path0Target1Lun0 827CFBB0
Device \Driver\d343port \Device\Scsi\d343port1Port1Path0Target0Lun0 827CFBB0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 827BB434
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 827BB434
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 827BB434
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 827BB434
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 827BB434
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs 82A06F44
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8288eb38]<< 8288eb38
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b4d6f0] 82b4d6f0
Trace 3 CLASSPNP.SYS[f8512fd7] -> nt!IofCallDriver -> \Device\00000088[0x82b28450] 82b28450
Trace 5 ACPI.sys[f8366620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82aae030] 82aae030
Trace \Driver\atapi[0x82b28d20] -> IRP_MJ_CREATE -> 0x8288eb38 8288eb38

---- Modules - GMER 2.1 ----

Module _________ (FILE NOT FOUND) F82E8000-F8300000 (98304 bytes)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----