GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-19 10:59:18
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: ng195g65.exe; Driver: C:\DOCUME~1\Dariusz\USTAWI~1\Temp\pwtdqpoc.sys

---- System - GMER 1.0.15 ----

SSDT ABCFD0CE ZwCreateKey
SSDT ABCFD0C4 ZwCreateThread
SSDT ABCFD0D3 ZwDeleteKey
SSDT ABCFD0DD ZwDeleteValueKey
SSDT ABCFD0E2 ZwLoadKey
SSDT ABCFD0B0 ZwOpenProcess
SSDT ABCFD0B5 ZwOpenThread
SSDT ABCFD0EC ZwReplaceKey
SSDT ABCFD0E7 ZwRestoreKey
SSDT ABCFD0D8 ZwSetValueKey

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3024] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89CCE27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89CCE27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89CCE27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89CCE27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 89CCE27F
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD2500BEVS-22UST0___________________01.01A01#5&f975f34&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----