GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-26 16:00:05
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAKS-00L9A0 rev.01.03E01
Running: Gmer.exe; Driver: C:\DOCUME~1\Pawel\USTAWI~1\Temp\kweiifow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB51A13A0, 0x88C445, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x7600, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[908] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x7600, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[948] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x7600, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x7600, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1088] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x7600, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[1384] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0xA800, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1456] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x7600, 0xE0000060]
.text D:\programy\Mozilla 5.0\firefox.exe[1832] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00401410 D:\programy\Mozilla 5.0\firefox.exe (Firefox/Mozilla Corporation)