GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-29 20:09:56 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.01.0 Running: 28fwqbo6.exe; Driver: E:\DOCUME~1\ToZi\USTAWI~1\Temp\uxtdipow.sys ---- User code sections - GMER 1.0.15 ---- .text E:\Program Files\Mozilla Firefox\firefox.exe[1432] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 011AB52A E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Program Files\Mozilla Firefox\firefox.exe[1432] kernel32.dll!lstrlenW + 43 7C809A5C 7 Bytes JMP 0145B6F5 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Program Files\Mozilla Firefox\firefox.exe[1432] kernel32.dll!MapViewOfFileEx + 6A 7C80B910 7 Bytes JMP 0145B6D2 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Program Files\Mozilla Firefox\firefox.exe[1432] GDI32.dll!SetDIBitsToDevice + 20D 77F19A9C 7 Bytes JMP 0145B653 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Program Files\Mozilla Firefox\plugin-container.exe[1844] USER32.dll!GetWindowInfo 77D3E78C 5 Bytes JMP 1043BACC E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Program Files\Mozilla Firefox\plugin-container.exe[1844] USER32.dll!GetMenuContextHelpId + 1A 77D84ED9 7 Bytes JMP 1043C0F9 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT E:\WINNT\Explorer.EXE[632] @ E:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] E:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----