GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-04 23:57:33
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JS-22MHB0 rev.02.01C03
Running: gmer.exe; Driver: C:\DOCUME~1\Ja\USTAWI~1\Temp\uftdypod.sys


---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xB8391738]
SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xB83917DC]
SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xB8391878]
SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xB8391914]

---- Kernel code sections - GMER 1.0.15 ----

?       Combo-Fix.sys                                                          Nie można odnaleźć określonego pliku. !
.text   C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                               section is writeable [0xB6F453A0, 0x8A1A15, 0xE8000020]
?       C:\ComboFix\catchme.sys                                                System nie może odnaleźć określonej ścieżki. !
?       C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                             Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text   C:\Program Files\Mozilla Firefox\firefox.exe[1888] ntdll.dll!LdrLoadDll                     7C91632D 5 Bytes  JMP 012A3690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[3848] USER32.dll!GetSysColor                   7E368E78 5 Bytes  JMP 00452430 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text   C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[3848] USER32.dll!GetSysColorBrush              7E368EAB 5 Bytes  JMP 00452490 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text   C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[3848] USER32.dll!SetScrollInfo                 7E369056 7 Bytes  JMP 00452320 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text   C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[3848] USER32.dll!GetScrollInfo                 7E37DFE2 7 Bytes  JMP 00452270 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text   C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[3848] USER32.dll!ShowScrollBar                 7E37F2F2 5 Bytes  JMP 004523F0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text   C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[3848] USER32.dll!GetScrollPos                  7E37F704 5 Bytes  JMP 004522B0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text   C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[3848] USER32.dll!SetScrollPos                  7E37F750 5 Bytes  JMP 00452360 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text   C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[3848] USER32.dll!GetScrollRange                7E37F787 5 Bytes  JMP 004522E0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text   C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[3848] USER32.dll!SetScrollRange                7E37F99B 5 Bytes  JMP 004523A0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text   C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[3848] USER32.dll!EnableScrollBar               7E3B8005 7 Bytes  JMP 00452230 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text   C:\Program Files\Mozilla Firefox\plugin-container.exe[3908] USER32.dll!GetWindowInfo        7E37C49C 5 Bytes  JMP 1045E78C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text   C:\Program Files\Mozilla Firefox\plugin-container.exe[3908] USER32.dll!TrackPopupMenu       7E3B531E 5 Bytes  JMP 1045ED49 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                     AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\Fastfat \Fat                   fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                   AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----