GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-27 02:04:17
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: 5l00bw4d.exe; Driver: C:\Users\NOWAK-LP\AppData\Local\Temp\ugliikow.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x8E810000, 0x2C7FC2, 0xE8000020]
?      C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A39BF855-FF62-47C3-9664-1696E5D26819}\MpKsleeea4502.sys  System nie może odnaleźć określonej ścieżki. !
?      C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A39BF855-FF62-47C3-9664-1696E5D26819}\MpKslee3c09ff.sys  System nie może odnaleźć określonej ścieżki. !
?      C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A39BF855-FF62-47C3-9664-1696E5D26819}\MpKsl4a29a79b.sys  System nie może odnaleźć określonej ścieżki. !

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] ntdll.dll!LdrLoadDll  778879B3 5 Bytes  JMP 6FDB1F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] ntdll.dll!NtCreateFile  778B7C78 5 Bytes  JMP 5A279AE0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] ntdll.dll!NtFlushBuffersFile  778B8178 5 Bytes  JMP 5A25C434 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] ntdll.dll!NtQueryFullAttributesFile  778B86A8 5 Bytes  JMP 5A25C150 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] ntdll.dll!NtReadFile  778B88D8 5 Bytes  JMP 5A25C330 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] ntdll.dll!NtReadFileScatter  778B88E8 5 Bytes  JMP 5AC7F60F C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] ntdll.dll!NtWriteFile  778B8EE8 5 Bytes  JMP 5A27A9F0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] ntdll.dll!NtWriteFileGather  778B8EF8 5 Bytes  JMP 5AC7F5BE C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] kernel32.dll!HeapSetInformation + 26  76216E28 7 Bytes  JMP 5A2763D0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] kernel32.dll!LockResource + C  76237F2B 7 Bytes  JMP 5ABA4AA0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] kernel32.dll!VirtualAllocEx + 54  7623B86A 7 Bytes  JMP 5ABA4AC3 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] USER32.dll!GetWindowInfo  767B0560 5 Bytes  JMP 5AA9B991 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4768] GDI32.dll!StretchDIBits + 179  764B75BB 7 Bytes  JMP 5ABA4A21 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp  {dcd044e6-adb7-46c3-8ece-3d3a0a33bf3a}Gt.sys
AttachedDevice  \Driver\tdx \Device\Tcp  iSafeNetFilter.sys
AttachedDevice  \Driver\tdx \Device\Tcp  SbFw.sys
Device          \Driver\BTHUSB \Device\00000078  bthport.sys
AttachedDevice  \Driver\tdx \Device\Udp  {dcd044e6-adb7-46c3-8ece-3d3a0a33bf3a}Gt.sys
AttachedDevice  \Driver\tdx \Device\Udp  iSafeNetFilter.sys
AttachedDevice  \Driver\tdx \Device\Udp  SbFw.sys
AttachedDevice  \Driver\tdx \Device\RawIp  SbFw.sys
Device          \Driver\BTHUSB \Device\0000007a  bthport.sys
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys

---- Processes - GMER 2.1 ----

Process  (*** hidden *** )  [4] 84640D90

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\ControlSet003\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\BD3B718A-0680-4D9D-8AB2-E1D2B4AC806D\DefaultPowerSchemeValues\a1841308-3541-4fab-bc91-f71556f20b4a@ACSettingIndex  1
Reg  HKLM\SYSTEM\ControlSet003\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\BD3B718A-0680-4D9D-8AB2-E1D2B4AC806D\DefaultPowerSchemeValues\a1841308-3541-4fab-bc91-f71556f20b4a@DCSettingIndex  1
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242cf91c0c (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242cf92ec8 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242cf93306 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00265eb03406 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----