GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-09 13:23:01
Windows 5.1.2600 Dodatek Service Pack 2
Running: wfc1lyih.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pxtdapow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6F10380, 0x2468FD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1212] USER32.dll!TrackPopupMenu 7E3B50EE 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\hydsz@DisplayName Center Boot
Reg HKLM\SYSTEM\ControlSet002\Services\hydsz@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\hydsz@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\hydsz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\hydsz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\hydsz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\hydsz@Description Zarz?dza zasadami zabezpiecze? IP i uruchamia sterownik ISAKMP/Oakley (IKE) i sterownik zabezpiecze? IP.
Reg HKLM\SYSTEM\ControlSet002\Services\hydsz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\hydsz\Parameters@ServiceDll C:\WINDOWS\system32\bjchgmxs.dll

---- EOF - GMER 1.0.15 ----