GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-26 00:31:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502IJ rev.1AA01113
Running: 8y0cbe7t.exe; Driver: C:\Users\Mati\AppData\Local\Temp\kxldypod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA0341F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA0341FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA0342080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA034211C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 824EEB54 4 Bytes [3C, 1F, 34, A0] {CMP AL, 0x1f; XOR AL, 0xa0}
.text ntkrnlpa.exe!KeSetEvent + 621 824EED84 8 Bytes [E4, 1F, 34, A0, 80, 20, 34, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 824EEDE4 4 Bytes [1C, 21, 34, A0] {SBB AL, 0x21; XOR AL, 0xa0}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90C02000, 0x3BEEC5, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA02FE300, 0x3AF78, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA66CE300, 0x1BCE, 0xE8000020]
.text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0xA67C8000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0xA67EB050]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Ntfs \Ntfs InCDRec.sys (InCD File System Recognizer/Nero AG)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0x22 0xC2 0xE4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0x22 0xC2 0xE4 ...

---- EOF - GMER 1.0.15 ----