GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-06 22:48:24
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0 76,34GB
Running: j3rjpkmo.exe; Driver: C:\DOCUME~1\Rodiyna\USTAWI~1\Temp\kfqyrfob.sys

---- Kernel code sections - GMER 2.1 ----

.text atapi.sys F847E7B4 1 Byte [CC] {INT 3 }
.text C:\windows\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7F18360, 0x24BB1D, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3700] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0154D2A0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3700] kernel32.dll!lstrlenW + 43 7C809A5C 7 Bytes JMP 0189E7E6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3700] kernel32.dll!MapViewOfFileEx + 6A 7C80B910 7 Bytes JMP 0189E7C3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3700] kernel32.dll!ValidateLocale + AFA8 7C8447E8 7 Bytes JMP 01562245 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3700] GDI32.dll!SetDIBitsToDevice + 20D 77F19A9C 7 Bytes JMP 0189E744 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x82229ef9]<< 82229ef9
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823ccab8] 823ccab8
Trace 3 CLASSPNP.SYS[f857705b] -> nt!IofCallDriver -> \Device\0000005f[0x8236d9e8] 8236d9e8
Trace 5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8236c940] 8236c940

---- Threads - GMER 2.1 ----

Thread System [4:288] 820950F4

---- EOF - GMER 2.1 ----