GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-09 21:54:57
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Scsi\m52871Port2Path0Target0Lun0 ST316081 rev.3.AA 149,05GB
Running: gjfylp83.exe; Driver: C:\DOCUME~1\Stepien\USTAWI~1\Temp\afndykod.sys

---- Kernel code sections - GMER 2.1 ----

? C:\WINDOWS\system32\drivers\plnul.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[388] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 1082FE5B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[388] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 1082FDEA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[388] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1045E982 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[388] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 1045EE7F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes JMP 016B9DC4
.text C:\WINDOWS\System32\svchost.exe[1084] NETAPI32.dll!NetpwPathCanonicalize 6FF4A3A9 5 Bytes JMP 016B9D64
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes JMP 008A9DC4
.text C:\Program Files\Mozilla Firefox\firefox.exe[3352] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0158D180 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3352] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 018D6B9C C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3352] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 018D6B79 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3352] kernel32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 0159F84B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3352] GDI32.dll!SetDIBitsToDevice + 209 77F19E04 7 Bytes JMP 018D6AFA C:\Program Files\Mozilla Firefox\xul.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet002\Services\ddhmobf@DisplayName Update Image
Reg HKLM\SYSTEM\ControlSet002\Services\ddhmobf@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\ddhmobf@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\ddhmobf@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\ddhmobf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\ddhmobf@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\ddhmobf@Description Utrzymuje aktualn? list? komputer?w w sieci i dostarcza j? do komputer?w wyznaczonych jako przegl?darki. Je?li ta us?uga zostanie zatrzymana, lista nie b?dzie aktualizowana ani zachowywana. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?.
Reg HKLM\SYSTEM\ControlSet002\Services\ddhmobf\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\ddhmobf\Parameters@ServiceDll C:\WINDOWS\system32\jvrlkzi.dll

---- EOF - GMER 2.1 ----