GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-03-10 22:17:00
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1b WDC_WD1600JB-32EVA0 rev.15.05R15 149,05GB
Running: l3uk0s91.exe; Driver: G:\DOCUME~1\Pc\USTAWI~1\Temp\awliqpod.sys

---- Kernel code sections - GMER 2.1 ----

.text  G:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xB7087000, 0x235F87, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  G:\Program Files\Mozilla Firefox\plugin-container.exe[488] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 003DA784 G:\Program Files\Mozilla Firefox\mozglue.dll
.text  G:\Program Files\Mozilla Firefox\plugin-container.exe[488] USER32.dll!DefWindowProcA + 11A  7E37C298 7 Bytes  JMP 112BF0B9 G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\plugin-container.exe[488] USER32.dll!SetWindowLongA + 19  7E37C2B6 7 Bytes  JMP 112BF18E G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\plugin-container.exe[488] USER32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 112C1162 G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\plugin-container.exe[488] USER32.dll!CreateWindowExW  7E37D0A3 5 Bytes  JMP 106332C7 G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\plugin-container.exe[488] USER32.dll!CreateWindowExA  7E37E4A9 5 Bytes  JMP 109CB40F G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\plugin-container.exe[488] USER32.dll!GetMenuContextHelpId + 1A  7E3B5319 7 Bytes  JMP 112BF883 G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2684] USER32.dll!DefWindowProcA + 11A  7E37C298 7 Bytes  JMP 1003B780 G:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  G:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2684] USER32.dll!SetWindowRgn + 2BD  7E37E7E5 7 Bytes  JMP 1003B3D0 G:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  G:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2684] USER32.dll!SetClipboardData + 19D  7E38113B 7 Bytes  JMP 1003B340 G:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  G:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2684] USER32.dll!MessageBoxA + 49  7E3A0833 7 Bytes  JMP 1003B680 G:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  G:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2684] USER32.dll!MessageBoxExW + 1F  7E3A0857 7 Bytes  JMP 1003B570 G:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  G:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2684] USER32.dll!MessageBoxTimeoutA + CA  7E3B64D0 7 Bytes  JMP 1003B6D0 G:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  G:\Program Files\Mozilla Firefox\firefox.exe[3788] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 1000A784 G:\Program Files\Mozilla Firefox\mozglue.dll
.text  G:\Program Files\Mozilla Firefox\firefox.exe[3788] kernel32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 01835ABC G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\firefox.exe[3788] kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 7 Bytes  JMP 018350C2 G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\firefox.exe[3788] kernel32.dll!ValidateLocale + B648  7C844EE0 7 Bytes  JMP 015A5747 G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\firefox.exe[3788] GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 018349EB G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\firefox.exe[3788] USER32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 02343F44 G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\firefox.exe[3788] USER32.dll!CreateWindowExW  7E37D0A3 5 Bytes  JMP 015832C7 G:\Program Files\Mozilla Firefox\xul.dll
.text  G:\Program Files\Mozilla Firefox\firefox.exe[3788] USER32.dll!CreateWindowExA  7E37E4A9 5 Bytes  JMP 0191B40F G:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys

---- Registry - GMER 2.1 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\pdf@a  G:\ASTRONOMIA\CelestialWonders-2015.pdf
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\pdf@MRUList  jighcfedba
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList@MRUList  baced

---- EOF - GMER 2.1 ----