GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-04 18:47:07
Windows 6.0.6001 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5 SAMSUNG_HD103UJ rev.1AA01118
Running: 3hui73x5.exe; Driver: C:\Users\ALEKSA~1\AppData\Local\Temp\awddauob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\atipmdag.sys  section is writeable [0x8F807000, 0x2D1F8A, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\atksgt.sys  section is writeable [0x9FCD4300, 0x3AE88, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\lirsgt.sys  section is writeable [0x9FD8B300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[2208] USER32.dll!TrackPopupMenu  75B21417 3 Bytes  JMP 673DC35B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[2208] USER32.dll!TrackPopupMenu + 4  75B2141B 1 Byte  [F1] {INT1 }
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2728] ntdll.dll!LdrLoadDll  774879B3 5 Bytes  JMP 009D13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2728] WS2_32.dll!select  776915F4 7 Bytes  JMP 068B2F50 C:\Users\Aleksander\AppData\Roaming\Mozilla\Firefox\Profiles\3zpbu8lr.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll (Bandwidth Utilization Throttling Plug-In for Firefox/UselessApplications.com)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2728] WS2_32.dll!recv  7769343A 5 Bytes  JMP 068B3160 C:\Users\Aleksander\AppData\Roaming\Mozilla\Firefox\Profiles\3zpbu8lr.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll (Bandwidth Utilization Throttling Plug-In for Firefox/UselessApplications.com)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2728] WS2_32.dll!getaddrinfo  7769418A 5 Bytes  JMP 068B3AC0 C:\Users\Aleksander\AppData\Roaming\Mozilla\Firefox\Profiles\3zpbu8lr.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll (Bandwidth Utilization Throttling Plug-In for Firefox/UselessApplications.com)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2728] WS2_32.dll!WSASend  77694496 5 Bytes  JMP 068B3560 C:\Users\Aleksander\AppData\Roaming\Mozilla\Firefox\Profiles\3zpbu8lr.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll (Bandwidth Utilization Throttling Plug-In for Firefox/UselessApplications.com)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2728] WS2_32.dll!send  7769659B 5 Bytes  JMP 068B3460 C:\Users\Aleksander\AppData\Roaming\Mozilla\Firefox\Profiles\3zpbu8lr.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll (Bandwidth Utilization Throttling Plug-In for Firefox/UselessApplications.com)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2728] WS2_32.dll!WSARecv  77698400 5 Bytes  JMP 068B3290 C:\Users\Aleksander\AppData\Roaming\Mozilla\Firefox\Profiles\3zpbu8lr.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll (Bandwidth Utilization Throttling Plug-In for Firefox/UselessApplications.com)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2728] WS2_32.dll!gethostbyname  776A62D4 5 Bytes  JMP 068B39B0 C:\Users\Aleksander\AppData\Roaming\Mozilla\Firefox\Profiles\3zpbu8lr.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll (Bandwidth Utilization Throttling Plug-In for Firefox/UselessApplications.com)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  VMkbd.sys
Device  \Driver\usbuhci \Device\USBPDO-0  hcmon.sys
Device  \Driver\usbuhci \Device\USBPDO-1  hcmon.sys
Device  \Driver\usbuhci \Device\USBPDO-2  hcmon.sys
Device  \Driver\usbehci \Device\USBPDO-3  hcmon.sys
Device  \Driver\usbuhci \Device\USBPDO-4  hcmon.sys
Device  \Driver\usbuhci \Device\USBPDO-5  hcmon.sys
Device  \Driver\usbuhci \Device\USBPDO-6  hcmon.sys
Device  \Driver\usbhub \Device\00000070  hcmon.sys
Device  \Driver\usbehci \Device\USBPDO-7  hcmon.sys
Device  \Driver\usbhub \Device\00000071  hcmon.sys
Device  \Driver\usbhub \Device\USBPDO-8  hcmon.sys
Device  \Driver\usbhub \Device\00000072  hcmon.sys
Device  \Driver\usbhub \Device\USBPDO-9  hcmon.sys
Device  \Driver\usbhub \Device\USBPDO-10  hcmon.sys
Device  \Driver\usbhub \Device\USBPDO-12  hcmon.sys
Device  \Driver\usbhub \Device\USBPDO-13  hcmon.sys
Device  \Driver\usbhub \Device\0000006b  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-0  hcmon.sys
Device  \Driver\usbhub \Device\0000006c  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-1  hcmon.sys
Device  \Driver\usbhub \Device\0000006d  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-2  hcmon.sys
Device  \Driver\usbhub \Device\0000006e  hcmon.sys
Device  \Driver\usbehci \Device\USBFDO-3  hcmon.sys
Device  \Driver\usbhub \Device\0000007c  hcmon.sys
Device  \Driver\usbhub \Device\0000006f  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-4  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-5  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-6  hcmon.sys
Device  \Driver\usbehci \Device\USBFDO-7  hcmon.sys
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Menedżer filtrow systemu plikow firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x4A 0x3D 0xC6 0x59 ...
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x86 0x0A 0xF3 0xC8 ...
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0xC5 0x87 0x92 0x0A ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x48 0x0F 0xEC 0x8F ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x86 0x0A 0xF3 0xC8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x94 0x4B 0x66 0x06 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x48 0x0F 0xEC 0x8F ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x86 0x0A 0xF3 0xC8 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x94 0x4B 0x66 0x06 ...

---- EOF - GMER 1.0.15 ----