GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-19 17:42:20
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-00HXZT1 rev.01.01A01
Running: 63zu2qwp.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[1816] ntdll.dll!LdrLoadDll        76F179B3 5 Bytes  JMP 6D06FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1816] kernel32.dll!MapViewOfFile  770B7F30 5 Bytes  JMP 6D31079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1816] kernel32.dll!VirtualAlloc   770BB86F 5 Bytes  JMP 6D3107C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1816] USER32.dll!GetWindowInfo    76E60560 5 Bytes  JMP 6D1F29CB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1816] GDI32.dll!CreateDIBSection  75CE75C0 5 Bytes  JMP 6D310728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186652671
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186652671@00210805bf77  0x06 0x3A 0x6B 0x30 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186652671 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186652671@00210805bf77  0x06 0x3A 0x6B 0x30 ...

---- EOF - GMER 1.0.15 ----