GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-20 21:23:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.SD22 298,09GB
Running: 5lp3u53f.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\awrdrpoc.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwReplaceKey + 1525                                                                                            82E43B75 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                      82E7DC12 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{91043B00-5F7F-4AC2-91A1-2A827C453E63}\MpKsl0e408ce7.sys  System nie może odnaleźć określonej ścieżki. !

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] ntdll.dll!NtCreateFile                                                   774D56B0 5 Bytes  JMP 6056FF71 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] ntdll.dll!NtFlushBuffersFile                                             774D5A40 5 Bytes  JMP 6056FCB1 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] ntdll.dll!NtQueryFullAttributesFile                                      774D60D0 5 Bytes  JMP 6056FE64 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] ntdll.dll!NtReadFile                                                     774D63A0 5 Bytes  JMP 6056FCEB C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] ntdll.dll!NtReadFileScatter                                              774D63B0 5 Bytes  JMP 608FF233 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] ntdll.dll!NtWriteFile                                                    774D6B50 5 Bytes  JMP 60570115 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] ntdll.dll!NtWriteFileGather                                              774D6B60 5 Bytes  JMP 608FF283 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                            75B1952E 7 Bytes  JMP 608E88D7 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] kernel32.dll!QueryPerformanceCounter + 13                                75B1C535 7 Bytes  JMP 608E92B8 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] kernel32.dll!LoadAppInitDlls + 355                                       75B1F5F6 7 Bytes  JMP 6065C918 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] USER32.dll!GetWindowInfo                                                 76304B66 5 Bytes  JMP 613AAB31 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2964] GDI32.dll!GetViewportOrgEx + 26C                                         75FF87DB 7 Bytes  JMP 608E8258 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                    fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                          
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@5B131E4A                                 607

---- EOF - GMER 2.1 ----