GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-16 15:00:27
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.01.0 149,05GB
Running: hof8kspf.exe; Driver: C:\Users\krystyna\AppData\Local\Temp\fxddqpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackTransaction + 13F9  8308E829 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  830B3132 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

?      C:\Windows\system32\svchost.exe[524] C:\Windows\system32\smss.exe  image checksum mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: urlmon.dllunknown module: VERSION.dll
.text  C:\Windows\system32\svchost.exe[524] USER32.dll!DialogBoxIndirectParamAorW  75D9551D 5 Bytes  [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18}
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3180] ntdll.dll!LdrLoadDll  7703F425 5 Bytes  JMP 62A8C930 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3180] kernel32.dll!MapViewOfFile  757DC0AC 5 Bytes  JMP 62CBE083 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3180] kernel32.dll!VirtualAlloc  757E05D4 5 Bytes  JMP 62CBE0AA C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3180] GDI32.dll!CreateDIBSection  75AF85F0 5 Bytes  JMP 62CBE00D C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

Device          \Driver\BTHUSB \Device\00000071  bthport.sys
Device          \Driver\BTHUSB \Device\0000006f  bthport.sys
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\5cac4cfb759d (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet001\services\ (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet001\services\@Parameters\0\x202e\x2764  408
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cfb759d
Reg  HKLM\SYSTEM\CurrentControlSet\services\
Reg  HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764  408
Reg  HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\5cac4cfb759d (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\services\ (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\services\@Parameters\0\x202e\x2764  408

---- Files - GMER 2.1 ----

File  C:\Program Files\Windows Defender\pl-PL\MpAsDesc.dll.mui  41472 bytes executable
File  C:\Program Files\Windows Defender\pl-PL\MpEvMsg.dll.mui  17920 bytes executable
File  C:\Program Files\Windows Defender\pl-PL\MsMpRes.dll.mui  53248 bytes executable

---- EOF - GMER 2.1 ----