GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-12 19:29:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006f ST932032 rev.0303 298,09GB
Running: gtd35n2v.exe; Driver: C:\Users\OLAKOS~1\AppData\Local\Temp\uwriipoc.sys


---- Kernel code sections - GMER 2.1 ----

.text   ntkrnlpa.exe!ZwRollbackEnlistment + 142D   82C82A15 1 Byte  [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2   82CBC212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1708] kernel32.dll!SetUnhandledExceptionFilter   75AAF4EB 4 Bytes  [C2, 04, 00, 00]
.text   C:\Users\Ola Koszyk\AppData\Local\GG\Application\ggapp.exe[3564] ntdll.dll!LdrGetProcedureAddress + 26   771922A9 7 Bytes  JMP 6943E9A9 C:\Users\Ola Koszyk\AppData\Local\GG\Application\xulrunner\xul.dll
.text   C:\Users\Ola Koszyk\AppData\Local\GG\Application\ggapp.exe[3564] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D   75AA941E 7 Bytes  JMP 69EB0DDD C:\Users\Ola Koszyk\AppData\Local\GG\Application\xulrunner\xul.dll
.text   C:\Users\Ola Koszyk\AppData\Local\GG\Application\ggapp.exe[3564] kernel32.dll!QueryPerformanceCounter + 13   75AAC425 7 Bytes  JMP 69EB0D95 C:\Users\Ola Koszyk\AppData\Local\GG\Application\xulrunner\xul.dll
.text   C:\Users\Ola Koszyk\AppData\Local\GG\Application\ggapp.exe[3564] kernel32.dll!LoadAppInitDlls + 355   75AAF4E6 7 Bytes  JMP 69443D66 C:\Users\Ola Koszyk\AppData\Local\GG\Application\xulrunner\xul.dll
.text   C:\Users\Ola Koszyk\AppData\Local\GG\Application\ggapp.exe[3564] GDI32.dll!GetViewportOrgEx + 26C   75B4884B 7 Bytes  JMP 69EB0E04 C:\Users\Ola Koszyk\AppData\Local\GG\Application\xulrunner\xul.dll

---- User IAT/EAT - GMER 2.1 ----

IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]   [730324CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]   [7301562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]   [730156EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]   [73032546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]   [730285AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]   [73024D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]   [73025105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]   [730251DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]   [73026707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]   [73028301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]   [73028850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]   [730290B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]   [7302E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT   C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]   [73024C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs   eamon.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1   NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1   NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2   NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2   NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3   NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3   NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4   NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4   NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7   NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7   NBVolUp.sys
AttachedDevice  \FileSystem\fastfat \Fat   fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat   eamon.sys

---- EOF - GMER 2.1 ----