GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-22 21:02:43
Windows 5.1.2600 Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD5000AADS-00S9B0 rev.01.00A01 465,76GB
Running: s9u8d1dg.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ufqyiaow.sys

---- System - GMER 2.1 ----

SSDT  89619630  ZwAssignProcessToJobObject
SSDT  89618A60  ZwOpenProcess
SSDT  89618E80  ZwOpenThread
SSDT  89619460  ZwSuspendProcess
SSDT  89619280  ZwSuspendThread
SSDT  89618C90  ZwTerminateProcess
SSDT  896190B0  ZwTerminateThread

---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\System32\DRIVERS\nv4_mini.sys  section is writeable [0xB6E93360, 0x3E57A5, 0xE8000020]
?  System32\Drivers\SCDEmu.SYS  The system cannot find the path specified. !
?  C:\WINDOWS\system32\drivers\fmomol.sys  The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] ntdll.dll!NtCreateFile  7C90D0AE 5 Bytes  JMP 019DA210 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] ntdll.dll!NtFlushBuffersFile  7C90D32E 5 Bytes  JMP 019BEB90 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] ntdll.dll!NtQueryFullAttributesFile  7C90D7AE 5 Bytes  JMP 019D9C70 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] ntdll.dll!NtReadFile  7C90D9CE 5 Bytes  JMP 019BEC80 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] ntdll.dll!NtReadFileScatter  7C90D9DE 5 Bytes  JMP 022D4CE1 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 019DACB0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] ntdll.dll!NtWriteFileGather  7C90DF8E 5 Bytes  JMP 022D4C90 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 10001F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] kernel32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 02241D0E C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 7 Bytes  JMP 02241CEB C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] kernel32.dll!ValidateLocale + B648  7C844EE0 7 Bytes  JMP 019D6A9C C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 02241C6C C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] USER32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 021478E5 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3484] USER32.dll!DefWindowProcA + 11A  7E37C298 7 Bytes  JMP 105432BE C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3484] USER32.dll!SetWindowLongA + 19  7E37C2B6 7 Bytes  JMP 1054332F C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3484] USER32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 105470A8 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3484] USER32.dll!GetMenuContextHelpId + 1A  7E3B5319 7 Bytes  JMP 105408F6 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdir.sys

---- Threads - GMER 2.1 ----

Thread  System [4:912]  89617790

---- Files - GMER 2.1 ----

File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\990A9ADD46A4DAB1C644A9B34D300902B4316C6C  14570 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\E4A4974E0ECE209B3558A20B193C7C9722B48CC3  3332 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\E0B18A7AB856E5354B6B01763C810A667E489F41  263 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\81FE7AF4AF3AA21DE9234766C2642D175FFAA50D  18389 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\DACC00DD8EC16CD381CEF834718D92FF7A20DC33  3492 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\76643E7C96D7EBB757463ED56F1A46B246178149  3929 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\4A64AE2CC7532FDD10F9666D53681D3E4188B039  25090 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\3773F230E8B935FED50991B808B0506046E73975  3433 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\275995EB93395E36987CA9F67AC38DD75E296158  4067 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\86694B322C6B6DEE7FA6E1D06C9475D576475684  3263 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\AE927221A4371C5297B1017A039633022EC8F200  19847 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\9BCBABBA9B4826F6F53F10BE16A717CA4E377210  262144 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\89751C06EE12D0797954D0634EC6E38E7BB1A5E3  17993 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\DFFFE8FF6B21F28121F54E2E75C601B6D6B5E4CD  3428 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\545F65C63444471F6DA892698D674330186BC21F  3949 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\1BC3BD1E43EB1882BF64A769B9C0B138EC16D180  3432 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\5F8558C2F32F633A7062026847D75EADB87FEB52  3830 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\D8D5986C69EB3D93174E731B1252AC08A38262C9  3673 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\E284BBD74E596EDC90AE9CE719BD67206424EB01  3342 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\98509D9B552DB5CB85FCF5FB9669CBAD1D6838DE  5776 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\2FCEFC1572DB15CBA253B4C4B17975D37625827C  17782 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\4CBFF0C74CADA9D0B203DF84A543FA6AA5972BA5  11574 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\44504809092F81264522AF35D45035FCCB4C7A11  29179 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\A7B12FC75FBD67A99A177C4DE4B7DB5F2DC8297D  576444 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\11740C19B8D55893508E13DFF2F77A0E02FC6360  3490 bytes
File  C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\hu27q7da.default\cache2\entries\41EC552B6BF6BEFED3DA4682263B70BD75ADB5A4  7056 bytes

---- EOF - GMER 2.1 ----
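Reading a GMER log by eye is error-prone: the user-mode section above lists seventeen inline hooks, every one of them a JMP into xul.dll or mozglue.dll inside the Firefox install directory (the browser's own interposition of its own process), the SSDT section lists the process/thread open-suspend-terminate set that security products patch to protect themselves, and the two lines worth a second look are the "?" entries, drivers the system references but GMER cannot find on disk. The script below is an added example, not part of the log or of GMER itself: it parses the SSDT, kernel-section and user-hook records into structured values, tallies hooks per hooking module, and flags a hook as "foreign" when the hooking DLL lives outside the hooked process's own directory. The sample input is constructed from a subset of the log lines above, plus one clearly marked synthetic line (explorer.exe hooked from a DLL in a Temp directory) that exists only so the flagging path is exercised; that line, the regexes and the "same directory" heuristic are assumptions, not anything GMER reports, and a hook passing the heuristic is not proof of benignity.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: a subset of the GMER records from the log above, one per
# line, plus ONE synthetic line (explorer.exe <- inject.dll) that is NOT from the
# log and exists only to exercise the foreign-hook check.
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----
SSDT  89618A60  ZwOpenProcess
SSDT  89618C90  ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text  C:\WINDOWS\System32\DRIVERS\nv4_mini.sys  section is writeable [0xB6E93360, 0x3E57A5, 0xE8000020]
?  System32\Drivers\SCDEmu.SYS  The system cannot find the path specified. !
?  C:\WINDOWS\system32\drivers\fmomol.sys  The system cannot find the file specified. !
---- User code sections - GMER 2.1 ----
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] ntdll.dll!NtCreateFile  7C90D0AE 5 Bytes  JMP 019DA210 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 10001F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[116] kernel32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 02241D0E C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3484] USER32.dll!DefWindowProcA + 11A  7E37C298 7 Bytes  JMP 105432BE C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\WINDOWS\explorer.exe[1234] ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00A51000 C:\DOCUME~1\user\LOCALS~1\Temp\inject.dll
---- Devices - GMER 2.1 ----
AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys
"""

# Record shapes as GMER 2.1 prints them (assumed from the log above, not a published grammar).
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<length>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<hooker>.+?)\s*$"
)
SSDT_RE = re.compile(r"^SSDT\s+(?P<address>[0-9A-Fa-f]{8})\s+(?P<func>\w+)\s*$")
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<message>.+?)\s*!\s*$")


@dataclass(frozen=True)
class UserHook:
    process: str
    pid: int
    module: str   # DLL whose code was patched, e.g. ntdll.dll
    func: str     # export nearest the patch
    offset: int   # bytes past that export; 0 when the export entry itself is patched
    address: int  # patched address
    length: int   # bytes overwritten (5 = plain JMP rel32, 7 = GMER's longer form)
    target: int   # JMP destination
    hooker: str   # module that owns the destination

    @property
    def in_process_tree(self) -> bool:
        """Heuristic: hooking module sits in the hooked process's own directory."""
        return PureWindowsPath(self.hooker).parent == PureWindowsPath(self.process).parent


def _lines(log: str):
    return (line.strip() for line in log.splitlines())


def parse_user_hooks(log: str) -> list[UserHook]:
    hooks = []
    for m in filter(None, map(HOOK_RE.match, _lines(log))):
        hooks.append(UserHook(
            process=m["process"], pid=int(m["pid"]), module=m["module"], func=m["func"],
            offset=int(m["offset"] or "0", 16), address=int(m["address"], 16),
            length=int(m["length"]), target=int(m["target"], 16), hooker=m["hooker"],
        ))
    return hooks


def parse_ssdt(log: str) -> list[tuple[int, str]]:
    """Service-table entries GMER reports as pointing outside the kernel image."""
    return [(int(m["address"], 16), m["func"]) for m in filter(None, map(SSDT_RE.match, _lines(log)))]


def missing_drivers(log: str) -> list[tuple[str, str]]:
    """Drivers the system references but that are not found on disk ('?' records)."""
    return [(m["path"], m["message"]) for m in filter(None, map(MISSING_RE.match, _lines(log)))]


def foreign_hooks(hooks: list[UserHook]) -> list[UserHook]:
    """Hooks whose JMP target module is outside the hooked process's directory."""
    return [h for h in hooks if not h.in_process_tree]


def hooks_by_hooker(hooks: list[UserHook]) -> Counter:
    return Counter(PureWindowsPath(h.hooker).name.lower() for h in hooks)


if __name__ == "__main__":
    hooks = parse_user_hooks(SAMPLE_LOG)
    print("SSDT entries:", [(f"{a:08X}", f) for a, f in parse_ssdt(SAMPLE_LOG)])
    print("drivers referenced but missing on disk:", missing_drivers(SAMPLE_LOG))
    print("user-mode hooks per hooking module:", dict(hooks_by_hooker(hooks)))
    for h in foreign_hooks(hooks):
        print(f"REVIEW: {h.process}[{h.pid}] {h.module}!{h.func}+{h.offset:X} -> {h.hooker}")
```

Run against the full log above (saved one record per line) the foreign-hook list is empty, every hook tallies to xul.dll or mozglue.dll, and the two "?" drivers are the records to resolve first: confirm whether SCDEmu.SYS (a virtual-drive driver name) corresponds to software the user installed and what references fmomol.sys, before treating either as an indicator. The SSDT entries and the eamon.sys/epfwtdir.sys attached devices should be correlated with the security product installed on the host rather than judged from the log alone.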