GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-31 12:19:12
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix861Port0Path0Target0Lun0 Seagate rev.0002SDM1 298,09GB
Running: 5hs4l7hm.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\fgriauod.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\DRIVERS\ati2mtag.sys   section is writeable [0xB6E9F000, 0x1CBE86, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text   D:\Programy\Mozilla\firefox.exe[288] ntdll.dll!NtCreateFile   7C90D0AE 5 Bytes  JMP 01869AE0 D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] ntdll.dll!NtFlushBuffersFile   7C90D32E 5 Bytes  JMP 0184C434 D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] ntdll.dll!NtQueryFullAttributesFile   7C90D7AE 5 Bytes  JMP 0184C150 D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] ntdll.dll!NtReadFile   7C90D9CE 5 Bytes  JMP 0184C330 D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] ntdll.dll!NtReadFileScatter   7C90D9DE 5 Bytes  JMP 0226F60F D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] ntdll.dll!NtWriteFile   7C90DF7E 5 Bytes  JMP 0186A9F0 D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] ntdll.dll!NtWriteFileGather   7C90DF8E 5 Bytes  JMP 0226F5BE D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] ntdll.dll!LdrLoadDll   7C915C35 5 Bytes  JMP 10001F42 D:\Programy\Mozilla\mozglue.dll
.text   D:\Programy\Mozilla\firefox.exe[288] kernel32.dll!lstrlenW + 43   7C809AEC 7 Bytes  JMP 02194AC3 D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] kernel32.dll!MapViewOfFileEx + 6A   7C80B9A0 2 Bytes  JMP 02194AA0 D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] kernel32.dll!MapViewOfFileEx + 6D   7C80B9A3 4 Bytes  [98, 85, EB, F9] {CWDE ; TEST EBX, EBP; STC }
.text   D:\Programy\Mozilla\firefox.exe[288] kernel32.dll!ValidateLocale + B648   7C844EE0 7 Bytes  JMP 018663D0 D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] GDI32.dll!SetDIBitsToDevice + 20A   77F19E14 7 Bytes  JMP 02194A21 D:\Programy\Mozilla\xul.dll
.text   D:\Programy\Mozilla\firefox.exe[288] USER32.dll!GetWindowInfo   7E42C49C 5 Bytes  JMP 0208B991 D:\Programy\Mozilla\xul.dll
ÒuÛŠëÔÿÿÿÿ   C:\Documents and Settings\Admin\Local Settings\Application Data\winlogon.exe[536]   entry point in "ÒuÛŠëÔÿÿÿÿ" section [0x0042F4C0]
ÒuÛŠëÔÿÿÿÿ   C:\Documents and Settings\Admin\Local Settings\Application Data\winlogon.exe[536]   unknown last code section [0x00425000, 0x19000, 0xC00000E0]
ÒuÛŠëÔÿÿÿÿ   C:\Documents and Settings\Admin\Local Settings\Application Data\services.exe[1316]   entry point in "ÒuÛŠëÔÿÿÿÿ" section [0x0042F4C0]
ÒuÛŠëÔÿÿÿÿ   C:\Documents and Settings\Admin\Local Settings\Application Data\services.exe[1316]   unknown last code section [0x00425000, 0x19000, 0xC00000E0]

---- Files - GMER 2.1 ----

File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\18D931BAD812D3DB15EF1DC6E62921278DE956B3   0 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\F15589E9D7BDC4CDB23347DAB9D5C65D3EA815E2   0 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\C0DB0F5762FC09568F649F53B610CC439E31DF42   900 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\D19C2CC040DF5EA0C8CCAAEF6B56A51F8EEAB751   714 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\9015667A410EAD1AEE7761202ECCFCD2F9EE6255   37555 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\0C621228BD8154AC7BABB7402C72B5CFAEED9E7A   3101 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\154D875CF288B79E9E4535ECFD7FF8766B57F24D   3880 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\9D48F092F78088629661D72B623928C675B5E698   3087 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\E85BB07464182E7EF16A80C197B9663963D130CE   3527 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\EAD0989E26F20FBB95FEC11BD00685BACE79A6FC   3080 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\45BF61486707C61D424B857742868A2D0C9B2CFF   900 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\32B545F4321DDBA11F258BAAF842BAC4B60D37A1   3720 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\1EE7D2CB83223962BD5B9293C8F47EF5E46CDF4D   34911 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\F881871ABB6BE3281C45B2C569A04F586C135228   4154 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\3D5487174195F07A8751D3D7C20CCA4BA4A88DCF   88411 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\645F8B5900BA70D4146F6161EEC1C2EC8992D689   4618 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\DCE38CBB9A505B86FFE8C8252F997772DCAE66E5   3368 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\B3064ED4D797C566C7FF6C4FACE22A13FABF4A98   3627 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\478E03C159A35354B8C46FD53BDC67AC9BF7A247   3804 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\8E531596AC03C9A02F8A577242D2915E8D74C78F   3589 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\4BDD5C51024CEED6013A6A1EB94E49A1E3219C68   3099 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\6E3F0C120F48A096D7ED01B80694E1941546DC21   6356 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\A2EBB5AD435A0CE365CA5CF74540F4848D333415   3112 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\22C57F6D2219FA50ED71069346C8DD3E21EAC661   11529 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\30FE5E4EF22B9511327C1F793DE5EAB113BAF619   3513 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\9A3FD292520B758473C094D2D97B42C11A35312F   272729 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\4D18E18DA604F4F885AB06A5F29D366F1CF1FD6D   900 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\A52757453A45F9956F7170EE0F4DD9B80BF39C93   258467 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\83CA7980419B57D8B47DB40360EDD062E9161DDE   3097 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\EFE84BF6E853E16A42A5F778E4C87EA49E86408A   900 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\B8DC6E877244131849697E7ACAA547906F834BEF   3445 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\858F7346B4EDC3D345F45490F1E4865AF9DB00D6   900 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\75E4F9120D364DED4B628E79975E782DB840289A   4305 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\902F1430DCCAA0E33D4B6B81048FCBF39DA7CC62   4276 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\3C97FFBA0479750C262EA7A8D47C03F0420F65A2   12642 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\2EFB1E9807B2B790146EE6177F74D2BF1209B7D5   69877 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\8D62B6E0F2D5ED14BC449DD94C62A6DACD720FB1   101959 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\81A303E6D067BB7431C6DC8A0946B019200EE75C   3554 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\4EF8563FE089741119D116A03528955D8AA37902   1709 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\BB99115B25CD74A294A96814B01F7276FB4FCD72   900 bytes
File    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciwwcsrg.default-1409050617281\cache2\entries\7FC9BC46BF83505A2B9CE5E6B269D7A3870C2199   900 bytes

---- EOF - GMER 2.1 ----
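The log above carries three kinds of finding that a responder would triage before anything else: inline JMP hooks in firefox.exe (all pointing into Firefox's own xul.dll and mozglue.dll), a writeable code section in ati2mtag.sys, and two processes named winlogon.exe and services.exe running from Local Settings\Application Data with their entry point in a section whose name is not printable ASCII and a last code section with characteristics 0xC00000E0 (code + initialized + uninitialized data, read, write). The script below is an added example, not part of the original post and not GMER's own code: it parses those GMER record types and applies the first-pass checks. SYSTEM_BINARIES, SYSTEM_DIRS and NORMAL_EP_SECTIONS are illustrative assumptions, and the sample lines are constructed from the log above.

```python
"""Triage of GMER 2.1 "code sections" records (added example, not GMER code)."""
import re
from ntpath import basename, dirname  # Windows path semantics on any host

# Section characteristics from the PE specification (IMAGE_SCN_* in winnt.h).
SCN_FLAGS = {
    "CODE": 0x00000020, "IDATA": 0x00000040, "UDATA": 0x00000080,
    "X": 0x20000000, "R": 0x40000000, "W": 0x80000000,
}
# Assumptions for this example: names that only belong in system32, and the
# section names an unpacked binary normally starts executing in.
SYSTEM_BINARIES = {"winlogon.exe", "services.exe", "lsass.exe", "csrss.exe", "smss.exe", "svchost.exe"}
SYSTEM_DIRS = {r"c:\windows\system32"}
NORMAL_EP_SECTIONS = {".text", "CODE", ".itext"}

HEX = r"0x[0-9A-Fa-f]+"
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<path>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+(?: \+ [0-9A-F]+)?)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+\d+ Bytes\s+JMP (?P<target>[0-9A-F]{8}) (?P<module>.+)$")
SECTION_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<path>.+?)(?:\[(?P<pid>\d+)\])?\s+"
    r"(?P<what>section is writeable|unknown last code section)\s+"
    r"\[(?P<start>" + HEX + r"), (?P<size>" + HEX + r"), (?P<chars>" + HEX + r")\]$")
ENTRY_RE = re.compile(
    r'^(?P<section>\S+)\s+(?P<path>.+?)\[(?P<pid>\d+)\]\s+'
    r'entry point in "(?P<ep_section>[^"]*)" section \[(?P<addr>' + HEX + r')\]$')

# Constructed sample: one line of each kind, copied from the log above.
SAMPLE_LOG = "\n".join([
    r".text   C:\WINDOWS\system32\DRIVERS\ati2mtag.sys   section is writeable [0xB6E9F000, 0x1CBE86, 0xE8000020]",
    r".text   D:\Programy\Mozilla\firefox.exe[288] ntdll.dll!NtCreateFile   7C90D0AE 5 Bytes  JMP 01869AE0 D:\Programy\Mozilla\xul.dll",
    r".text   D:\Programy\Mozilla\firefox.exe[288] ntdll.dll!LdrLoadDll   7C915C35 5 Bytes  JMP 10001F42 D:\Programy\Mozilla\mozglue.dll",
    r'ÒuÛŠëÔÿÿÿÿ   C:\Documents and Settings\Admin\Local Settings\Application Data\winlogon.exe[536]   entry point in "ÒuÛŠëÔÿÿÿÿ" section [0x0042F4C0]',
    r"ÒuÛŠëÔÿÿÿÿ   C:\Documents and Settings\Admin\Local Settings\Application Data\winlogon.exe[536]   unknown last code section [0x00425000, 0x19000, 0xC00000E0]",
    r"ÒuÛŠëÔÿÿÿÿ   C:\Documents and Settings\Admin\Local Settings\Application Data\services.exe[1316]   unknown last code section [0x00425000, 0x19000, 0xC00000E0]",
])


def section_flags(chars):
    """Decode a section-characteristics word into the flag names set in it."""
    return [name for name, bit in SCN_FLAGS.items() if chars & bit]


def parse_gmer(text):
    """Turn GMER code-section lines into dicts; lines of other shapes are kept as 'other'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):
            continue
        if m := ENTRY_RE.match(line):
            records.append({"kind": "entry", **m.groupdict()})
        elif m := SECTION_RE.match(line):
            d = m.groupdict()
            d["chars"] = int(d["chars"], 16)
            records.append({"kind": "section", **d})
        elif m := HOOK_RE.match(line):
            records.append({"kind": "hook", **m.groupdict()})
        else:
            records.append({"kind": "other", "raw": line})
    return records


def triage(records):
    """Return (tag, path, detail) findings, deduplicated, in log order."""
    findings = []

    def add(finding):
        if finding not in findings:
            findings.append(finding)

    for r in records:
        if r["kind"] == "other":
            continue
        path = r["path"]
        # 1. A core Windows binary name running from outside system32 is a masquerade.
        #    Kernel-driver records carry no PID and are skipped here.
        if r["pid"] and basename(path).lower() in SYSTEM_BINARIES \
                and dirname(path).lower() not in SYSTEM_DIRS:
            add(("masquerade", path, "system-binary name outside system32"))
        # 2. A section flagged as code that is also writable: rare in compiler
        #    output, usual for packers, self-modifying code and patched images.
        if r["kind"] == "section":
            flags = section_flags(r["chars"])
            if "CODE" in flags and "W" in flags:
                add(("writable_code", path, f"{r['chars']:#010x} = {'|'.join(flags)} ({r['what']})"))
        # 3. Entry point outside the usual code section (here in a section whose
        #    name is not even printable ASCII) points at a packed or patched binary.
        if r["kind"] == "entry" and r["ep_section"] not in NORMAL_EP_SECTIONS:
            add(("odd_entry_section", path, repr(r["ep_section"])))
        # 4. Inline JMP hooks whose target sits in the hooked program's own install
        #    directory are that program's own instrumentation (Firefox's xul.dll
        #    and mozglue.dll here); a target elsewhere is treated as injection.
        if r["kind"] == "hook" and dirname(r["module"]).lower() != dirname(path).lower():
            add(("foreign_hook", path, f"{r['api']} -> {r['module']}"))
    return findings


if __name__ == "__main__":
    for tag, path, detail in triage(parse_gmer(SAMPLE_LOG)):
        print(f"{tag:18} {path}  ({detail})")
```

Run against the sample it reports writable code in ati2mtag.sys and in both LOCALAPPDATA binaries, the two masquerading process names, and the non-ASCII entry-point section, and stays silent on the Firefox hooks because their targets live in Firefox's own directory. The hook rule is a heuristic: a hook from a DLL dropped into the program's install directory would pass it, so it separates the common benign case from the rest rather than proving anything clean.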