GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-09 20:26:10
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-00JHC0 rev.05.01C05 74,53GB
Running: u6ty2wfd.exe; Driver: C:\DOCUME~1\Krysia\USTAWI~1\Temp\fxldqpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 018D3D20 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 018BC661 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 018D3820 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 018BC750 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 0215E1FF C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 018D43D0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 0215E1AE C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001F4C C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 020FF582 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 020FF55F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 018D06F3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 020FF4E0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1616] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 0200E5A9 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip netfilter.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp netfilter.sys
AttachedDevice \Driver\Tcpip \Device\Udp netfilter.sys
AttachedDevice \Driver\Tcpip \Device\RawIp netfilter.sys

---- Files - GMER 2.1 ----

File C:\System Volume Information\_restore{A3540A31-5813-47AE-A181-E91102DB202D}\RP123\A0450868.dll 7680 bytes executable
File C:\System Volume Information\_restore{A3540A31-5813-47AE-A181-E91102DB202D}\RP123\A0450886.dll 753236 bytes executable
File C:\System Volume Information\_restore{A3540A31-5813-47AE-A181-E91102DB202D}\RP123\A0450904.dll 274432 bytes executable
File C:\System Volume Information\_restore{A3540A31-5813-47AE-A181-E91102DB202D}\RP123\A0450866.dll 167936 bytes executable
File C:\System Volume Information\_restore{A3540A31-5813-47AE-A181-E91102DB202D}\RP123\A0450867.dll 4096 bytes executable

---- EOF - GMER 2.1 ----