GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-06 00:06:33
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: u0f3v9yv.exe; Driver: C:\DOCUME~1\PAWE~1\USTAWI~1\Temp\pxtdapow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8D17000, 0x1A40B6, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xAC904280]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1704] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 10831678 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1704] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 10831607 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1704] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1045FBF7 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1704] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 10460118 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 018D8BF0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01C27FF0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01C27FCD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 018EF1AD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00AD9B64
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 00ADB110
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 01AA77D6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 00ADAF4E
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 00ADABC4
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 00ADAE73
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 00ADB029
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00ADADA7
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00ADB2DB
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01C27F4E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00ADACDB
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00ADB1F7
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00ADB69B
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00ADB768
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00AD9688
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 00ADAB0A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!send 71A54C27 5 Bytes JMP 00ADA63E
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 00ADA88D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 00AD95C7
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00ADA6F7
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 00ADA7B9
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 00AD9A85
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WININET.dll!InternetCrackUrlW 3FCF40C0 5 Bytes JMP 00ADBA2E
.text C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE[3184] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 30F52DF0 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll
.text C:\Program Files\Gadu-Gadu 10\gg.exe[3536] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 10539EA0 C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll
.text C:\Program Files\Gadu-Gadu 10\gg.exe[3536] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 10539F10 C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b227bf5
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b227bf5 (not active ControlSet)

---- EOF - GMER 2.1 ----