GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-05 17:49:04
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3160023AS rev.3.43
Running: 6keb4rg1.exe; Driver: C:\DOCUME~1\Jola\USTAWI~1\Temp\fgairpog.sys


---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[1736] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 0126B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\WINDOWS\Explorer.EXE[1848] SHELL32.dll!StrStrW  7C9CEE90 8 Bytes  [E0, 10, 60, 19, 00, 11, 60, ...] {LOOPNZ 0x12; PUSHA ; SBB [EAX], EAX; ADC [EAX+0x19], ESP}

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\WINDOWS\system32\winlogon.exe[912] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtLockProductActivationKeys]  [0500073E] C:\WINDOWS\system32\antiwpa.dll
IAT  C:\WINDOWS\system32\winlogon.exe[912] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!GetSystemMetrics]  [05000756] C:\WINDOWS\system32\antiwpa.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp  idmtdi.sys (Internet Download Manager TDI Driver/Tonec Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SOFTWARE\Classes\CLSID\{3c7c9389-aa3c-412f-b5fe-a625f0ea787c}@Model  344
Reg  HKLM\SOFTWARE\Classes\CLSID\{3c7c9389-aa3c-412f-b5fe-a625f0ea787c}@Therad  1
Reg  HKLM\SOFTWARE\Classes\CLSID\{3c7c9389-aa3c-412f-b5fe-a625f0ea787c}@MData  0x73 0xD5 0xCF 0xB8 ...
Reg  HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk  0x81 0x9E 0x79 0xF5 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F1413C9-E539-D583-EBEE-87A172CAE4CC}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F1413C9-E539-D583-EBEE-87A172CAE4CC}@iaegconajigggfclap  0x6B 0x61 0x6E 0x69 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F1413C9-E539-D583-EBEE-87A172CAE4CC}@hagbhijidfkiepdg  0x6B 0x61 0x6E 0x69 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F1413C9-E539-D583-EBEE-87A172CAE4CC}@iaahjhngipacaedhba  0x63 0x61 0x64 0x6A ...

---- EOF - GMER 1.0.15 ----