GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-19 21:39:53 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST980811AS rev.3.ALC 74.53GB Running: qq4t9qv0.exe; Driver: C:\DOCUME~1\niski\USTAWI~1\Temp\awlcrkoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003DA7DC C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1420] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 1126BEC0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1420] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 1126BF95 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1420] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1126E0C5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1420] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 1126C82F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 014AFF71 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 014AFCB1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 014AFE64 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 014AFCEB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 0183F233 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 014B0115 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 0183F283 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1000A7DC C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 018292B8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018288D7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 0159C918 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 3 Bytes JMP 01828258 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] GDI32.dll!SetDIBitsToDevice + 20E 77F19E18 3 Bytes [89, EB, F9] {MOV EBX, EBP; STC } .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 022EAB31 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 096B2380 C:\Documents and Settings\niski\Ustawienia lokalne\Dane aplikacji\EnsamplesPathogen\ClumpySeculars.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 096A8260 C:\Documents and Settings\niski\Ustawienia lokalne\Dane aplikacji\EnsamplesPathogen\ClumpySeculars.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!socket 71A54211 5 Bytes JMP 096A6660 C:\Documents and Settings\niski\Ustawienia lokalne\Dane aplikacji\EnsamplesPathogen\ClumpySeculars.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!connect 71A54A07 5 Bytes JMP 096A85C0 C:\Documents and Settings\niski\Ustawienia lokalne\Dane aplikacji\EnsamplesPathogen\ClumpySeculars.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!send 71A54C27 5 Bytes JMP 096A2040 C:\Documents and Settings\niski\Ustawienia lokalne\Dane aplikacji\EnsamplesPathogen\ClumpySeculars.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 096AE7F0 C:\Documents and Settings\niski\Ustawienia lokalne\Dane aplikacji\EnsamplesPathogen\ClumpySeculars.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!recv 71A5676F 5 Bytes JMP 096AB970 C:\Documents and Settings\niski\Ustawienia lokalne\Dane aplikacji\EnsamplesPathogen\ClumpySeculars.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 096AC440 C:\Documents and Settings\niski\Ustawienia lokalne\Dane aplikacji\EnsamplesPathogen\ClumpySeculars.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 096A83F0 C:\Documents and Settings\niski\Ustawienia lokalne\Dane aplikacji\EnsamplesPathogen\ClumpySeculars.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 096B14B0 C:\Documents and Settings\niski\Ustawienia lokalne\Dane aplikacji\EnsamplesPathogen\ClumpySeculars.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys ---- EOF - GMER 2.1 ----