GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-07 19:18:18
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAJB-00J3A0 rev.01.03E01 298,09GB
Running: oyx5m5v8.exe; Driver: C:\DOCUME~1\LEWAND~1\USTAWI~1\Temp\ugryrfod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwClose [0xF6CEC4F4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwCreateKey [0xF6CEC414]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDeleteValueKey [0xF6CEC88E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDuplicateObject [0xF6CEBFEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenKey [0xF6CEC48A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenProcess [0xF6CEBF2C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenThread [0xF6CEBF90]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwQueryValueKey [0xF6CEC5AA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwRestoreKey [0xF6CEC56A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwSetValueKey [0xF6CEC6EA]

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!_abnormal_termination + 428 804E2A84 4 Bytes JMP B3F6CEC6

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[804] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10001FD9 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[804] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 022F4104 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[804] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 022F40E1 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[804] kernel32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 019C3255 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[804] GDI32.dll!SetDIBitsToDevice + 209 77F19E04 7 Bytes JMP 022F4062 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2104] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104F2366 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2104] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 104EBD82 C:\Program Files\Mozilla Firefox\xul.dll

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS
AttachedDevice \Driver\Tcpip \Device\Ip {572f484b-455f-44b0-9d6a-da3ad2071365}t.sys
AttachedDevice \Driver\Tcpip \Device\Tcp {572f484b-455f-44b0-9d6a-da3ad2071365}t.sys
AttachedDevice \Driver\Tcpip \Device\Udp {572f484b-455f-44b0-9d6a-da3ad2071365}t.sys
AttachedDevice \Driver\Tcpip \Device\RawIp {572f484b-455f-44b0-9d6a-da3ad2071365}t.sys

---- EOF - GMER 2.1 ----