GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-06 10:19:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18 SAMSUNG_SV0411N UA100-08
Running: jv817ery.exe; Driver: C:\DOCUME~1\Adam\USTAWI~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwClose [0xF766D028]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwCreateKey [0xF766CFE0]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwCreatePagingFile [0xF7660B00]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwEnumerateKey [0xF76615DC]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwEnumerateValueKey [0xF766D120]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwOpenFile [0xF7660B40]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwOpenKey [0xF766CFA4]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwQueryKey [0xF76615FC]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwQueryValueKey [0xF766D076]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwSetSystemPowerState [0xF766C550]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntoskrnl.exe!_abnormal_termination + 410  804E2A6C 2 Bytes  [50, C5]
.text  ntoskrnl.exe!_abnormal_termination + 413  804E2A6F 1 Byte  [F7]
.text  C:\WINDOWS\System32\DRIVERS\nv4_mini.sys  section is writeable [0xF707E360, 0x2456AE, 0xE8000020]
?  C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS  The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[332] ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[924] USER32.dll!TrackPopupMenu  7E3B531E 5 Bytes  JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Ntfs \Ntfs  82B84B70
Device  \FileSystem\Fastfat \FatCdrom  829B8450
Device  \Driver\Cdrom \Device\CdRom0  8298B4C8
Device  \FileSystem\Rdbss \Device\FsWrap  829B16E0
Device  \Driver\atapi \Device\Ide\IdePort0  82988918
Device  \Driver\atapi \Device\Ide\IdePort1  82988918
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4  82988918
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c  82988918
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18  82988918
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20  82988918
Device  \Driver\Cdrom \Device\CdRom1  8298B4C8
Device  \FileSystem\Srv \Device\LanmanServer  82716F30
Device  \FileSystem\MRxSmb \Device\LanmanDatagramReceiver  829B1B30
Device  \FileSystem\MRxSmb \Device\LanmanRedirector  829B1B30
Device  \FileSystem\Npfs \Device\NamedPipe  829A96D0
Device  \FileSystem\Msfs \Device\Mailslot  829A7CE0
Device  \FileSystem\Fastfat \Fat  829B8450
Device  \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer  829A6BE8
Device  \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer  829A6BE8
Device  \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer  829A6BE8
Device  \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer  829A6BE8
Device  \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer  829A6BE8
Device  \FileSystem\Cdfs \Cdfs  826CED98

---- Modules - GMER 1.0.15 ----

Module  _________  F75C2000-F75DA000 (98304 bytes)

---- Threads - GMER 1.0.15 ----

Thread  System [4:736]  B89D8310
Thread  System [4:1628]  B89D8310

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg  HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ujdew  0x20 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej40  0xEE 0xF2 0x9F 0x56 ...
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName  Alcohol 120% (Trial Version)
Reg  HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName  Alcohol 120% (Trial Version)

---- Disk sectors - GMER 1.0.15 ----

Disk  \Device\Harddisk0\DR0  sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----
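One way to triage a log like this mechanically, as an added example that is not part of the original post and not GMER's own tooling: a small Python parser that splits the log into its `---- ... ----` sections, groups SSDT hooks by the driver that installed them, records inline user-mode JMP hooks together with whether their target lives in the hooked process's own install directory, and lists writeable kernel code sections, driver files that could not be opened, and MBR copies found in spare sectors. The embedded sample is an excerpt of the log above; the section names follow GMER 1.0.15's headers, while the `same_install_dir` heuristic, the regexes and every function name are this example's own assumptions, not fields GMER emits.

```python
"""Triage helper for a GMER 1.0.15 rootkit-scan log (added example, not GMER code)."""
import re
from collections import defaultdict

# Excerpt of the log posted above (constructed sample input for this example).
SAMPLE_LOG = r"""GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-06 10:19:36

---- System - GMER 1.0.15 ----

SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwClose [0xF766D028]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwOpenKey [0xF766CFA4]
SSDT  a347bus.sys (Plug and Play BIOS Extension/ )  ZwQueryValueKey [0xF766D076]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntoskrnl.exe!_abnormal_termination + 410  804E2A6C 2 Bytes  [50, C5]
.text  C:\WINDOWS\System32\DRIVERS\nv4_mini.sys  section is writeable [0xF707E360, 0x2456AE, 0xE8000020]
?  C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS  The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[332] ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[924] USER32.dll!TrackPopupMenu  7E3B531E 5 Bytes  JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Disk sectors - GMER 1.0.15 ----

Disk  \Device\Harddisk0\DR0  sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----
"""

# Line shapes as they appear in GMER 1.0.15 output; the patterns are this example's own.
SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+\((.*?)\)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<func>\S+!\S+)\s+(?P<addr>[0-9A-F]+)"
    r"\s+(?P<n>\d+) Bytes\s+JMP\s+(?P<target>[0-9A-F]+)\s+(?P<module>.+?)\s+\((?P<vendor>.*)\)\s*$"
)
WRITEABLE_RE = re.compile(r"^\.text\s+(\S+)\s+section is writeable")
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+")        # "? <path> <error text> !"
MBR_COPY_RE = re.compile(r"^Disk\s+(\S+)\s+sector (\d+): copy of MBR")


def parse_sections(text):
    """Split a GMER log into {section name: [non-empty lines]}; header lines go under 'header'."""
    sections = defaultdict(list)
    current = "header"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Extract the findings a reviewer would want to see first from a GMER log."""
    sections = parse_sections(text)
    findings = {
        "ssdt_hooks": defaultdict(list),   # hooking driver -> [hooked Zw* services]
        "user_hooks": [],                  # inline JMP hooks in user-mode processes
        "writeable_sections": [],          # kernel images with a writeable code section
        "missing_files": [],               # driver paths GMER could not open
        "mbr_copies": [],                  # (device, sector) holding a copy of the MBR
    }
    for line in sections.get("System", []):
        m = SSDT_RE.match(line)
        if m:
            findings["ssdt_hooks"][m.group(1)].append(m.group(3))
    for line in sections.get("Kernel code sections", []):
        m = WRITEABLE_RE.match(line)
        if m:
            findings["writeable_sections"].append(m.group(1))
        m = MISSING_RE.match(line)
        if m:
            findings["missing_files"].append(m.group(1))
    for line in sections.get("User code sections", []):
        m = USER_HOOK_RE.match(line)
        if m:
            d = m.groupdict()
            # Heuristic (this example's assumption): a JMP into the hooked process's own
            # image or a DLL from its install directory is usually the application's own
            # instrumentation; a target in an unrelated or unnamed module deserves a look.
            proc_dir = d["proc"].rsplit("\\", 1)[0].lower()
            target_dir = d["module"].rsplit("\\", 1)[0].lower()
            d["same_install_dir"] = proc_dir == target_dir
            findings["user_hooks"].append(d)
    for line in sections.get("Disk sectors", []):
        m = MBR_COPY_RE.match(line)
        if m:
            findings["mbr_copies"].append((m.group(1), int(m.group(2))))
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, dict) else value)
```

Run against the full log above, the parser attributes all ten SSDT hooks to one driver, a347bus.sys, and both user-mode hooks resolve into the Mozilla Firefox install directory, which is the pattern of an application hooking itself rather than of an injected module. The a347scsi service key in the registry section is the same driver family as a347bus.sys, so a practitioner would check those hooks against the Alcohol 120% installation recorded in the same section before treating them as malicious; the "copy of MBR" in sector 62 and the writeable section in nv4_mini.sys are the items left to explain.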