GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-23 21:05:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Crucial_CT256M550SSD1 rev.MU01 238,47GB
Running: l1nxh9dn.exe; Driver: D:\Programy\System\Pawel\Temp\fwddypoc.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\Internet Explorer\iexplore.exe[3348] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect   000007feff4a4ed0 9 bytes JMP 000007fffc100148
.text   C:\Program Files\Internet Explorer\iexplore.exe[3348] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW   000007fefc155c54 4 bytes JMP 000007fffc1000d8
.text   C:\Program Files\Internet Explorer\iexplore.exe[3348] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW + 5   000007fefc155c59 2 bytes [CC, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[3348] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefc155c64 9 bytes JMP 000007fffc100110
.text   C:\Program Files\Internet Explorer\iexplore.exe[3348] C:\Windows\system32\comdlg32.dll!PageSetupDlgW   000007fefdfc17a0 9 bytes JMP 000007fffc100180
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\system32\ole32.dll!CoCreateInstance   000007fefddc7490 11 bytes JMP 000007fffc1001b8
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\system32\ole32.dll!OleLoadFromStream   000007fefdef75f0 5 bytes JMP 000007fffc1001f0
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\system32\OLEAUT32.dll!VariantClear   000007feff441180 5 bytes JMP 000007fffc1002d0
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\system32\OLEAUT32.dll!SysFreeString   000007feff441320 7 bytes JMP 000007fffc100260
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen   000007feff444450 6 bytes JMP 000007fffc100228
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\system32\OLEAUT32.dll!VariantChangeType   000007feff446720 10 bytes JMP 000007fffc100298
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect   000007feff4a4ed0 9 bytes JMP 000007fffc100148
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW   000007fefc155c54 4 bytes JMP 000007fffc1000d8
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW + 5   000007fefc155c59 2 bytes [CC, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefc155c64 9 bytes JMP 000007fffc100110
.text   C:\Program Files\Internet Explorer\iexplore.exe[3540] C:\Windows\system32\comdlg32.dll!PageSetupDlgW   000007fefdfc17a0 9 bytes JMP 000007fffc100180
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\system32\ole32.dll!CoCreateInstance   000007fefddc7490 11 bytes JMP 000007fffc1001b8
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\system32\ole32.dll!OleLoadFromStream   000007fefdef75f0 5 bytes JMP 000007fffc1001f0
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\system32\OLEAUT32.dll!VariantClear   000007feff441180 5 bytes JMP 000007fffc1002d0
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\system32\OLEAUT32.dll!SysFreeString   000007feff441320 7 bytes JMP 000007fffc100260
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen   000007feff444450 6 bytes JMP 000007fffc100228
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\system32\OLEAUT32.dll!VariantChangeType   000007feff446720 10 bytes JMP 000007fffc100298
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect   000007feff4a4ed0 9 bytes JMP 000007fffc100148
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW   000007fefc155c54 4 bytes JMP 000007fffc1000d8
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW + 5   000007fefc155c59 2 bytes [CC, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefc155c64 9 bytes JMP 000007fffc100110
.text   C:\Program Files\Internet Explorer\iexplore.exe[1960] C:\Windows\system32\comdlg32.dll!PageSetupDlgW   000007fefdfc17a0 9 bytes JMP 000007fffc100180
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\system32\ole32.dll!CoCreateInstance   000007fefddc7490 11 bytes JMP 000007fffc1001b8
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\system32\ole32.dll!OleLoadFromStream   000007fefdef75f0 5 bytes JMP 000007fffc1001f0
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\system32\OLEAUT32.dll!VariantClear   000007feff441180 5 bytes JMP 000007fffc1002d0
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\system32\OLEAUT32.dll!SysFreeString   000007feff441320 7 bytes JMP 000007fffc100260
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen   000007feff444450 6 bytes JMP 000007fffc100228
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\system32\OLEAUT32.dll!VariantChangeType   000007feff446720 10 bytes JMP 000007fffc100298
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect   000007feff4a4ed0 9 bytes JMP 000007fffc100148
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW   000007fefc155c54 4 bytes JMP 000007fffc1000d8
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW + 5   000007fefc155c59 2 bytes [CC, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefc155c64 9 bytes JMP 000007fffc100110
.text   C:\Program Files\Internet Explorer\iexplore.exe[3544] C:\Windows\system32\comdlg32.dll!PageSetupDlgW   000007fefdfc17a0 9 bytes JMP 000007fffc100180
.text   D:\Pawel\ProcessExplorer\procexp.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000778f1465 2 bytes [8F, 77]
.text   D:\Pawel\ProcessExplorer\procexp.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000778f14bb 2 bytes [8F, 77]
.text   ... * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [2172:2060]   000007fef1689688

---- EOF - GMER 2.1 ----