GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-25 13:49:14
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 HDT722516DLAT80 rev.V43OA96A
Running: p8f9vwzx.exe; Driver: C:\DOCUME~1\PAWE~1\USTAWI~1\Temp\uwtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeKey [0xF4FB014A]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeMultipleKeys [0xF4FB021A]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xF4FAFD7C]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwSuspendProcess [0xF4FAFF6A]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwSuspendThread [0xF4FB0000]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xF4FAFE32]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xF4FAFECE]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xF4FB009C]

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xF72AE000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  D:\Program Files\Mozilla Firefox\firefox.exe[2916] ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 0176A650 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  D:\Program Files\Mozilla Firefox\firefox.exe[2916] kernel32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 019A7E1A D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  D:\Program Files\Mozilla Firefox\firefox.exe[2916] kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 7 Bytes  JMP 019A7DF7 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  D:\Program Files\Mozilla Firefox\firefox.exe[2916] kernel32.dll!ValidateLocale + B138  7C844930 7 Bytes  JMP 0176EDB3 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  D:\Program Files\Mozilla Firefox\firefox.exe[2916] GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 019A7D78 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
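What this report actually says is that every one of the eight SSDT hooks belongs to AVG's avgidsshimx.sys, the five user-mode inline JMP hooks inside firefox.exe all land in Firefox's own xul.dll, and the four devices attached to Tcpip are AVG's avgtdix.sys; the one entry with no obvious owner is the writeable .text section of ati2mtag.sys. The script below is an added example, not part of the original post and not GMER's own code: it parses the four GMER sections, groups hooks by owning driver or module, and flags any hook or attached device whose publisher is not on an allowlist, any user-mode JMP whose target module lives outside the hooked process's own directory, and any writeable kernel .text section. The TRUSTED_VENDORS allowlist and the "target inside the process directory" heuristic are assumptions made for this example; the embedded SAMPLE_LOG is the report from this page.

```python
"""Triage helper for GMER 1.0.15 text reports (added example, not GMER code)."""
import re
from collections import Counter

# Publishers trusted for this triage: an assumption for the example, to be
# replaced with the host's real software inventory.
TRUSTED_VENDORS = {"AVG Technologies CZ, s.r.o.", "Mozilla Foundation"}

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<driver>\S+)\s+\((?P<desc>[^/)]*)/(?P<vendor>[^)]*)\)\s+"
    r"(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
WRITEABLE_RE = re.compile(
    r"^\.text\s+(?P<path>.+?)\s+section is writeable\s+\[(?P<base>0x[0-9A-Fa-f]+), "
    r"(?P<size>0x[0-9A-Fa-f]+), (?P<flags>0x[0-9A-Fa-f]+)\]")
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+)!(?P<export>.+?)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<nbytes>\d+) Bytes\s+JMP (?P<target>[0-9A-F]{8})\s+"
    r"(?P<target_mod>.+?)\s+\((?P<vendor>[^)]*)\)\s*$")
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<file>\S+)\s+"
    r"\((?P<desc>[^/)]*)/(?P<vendor>[^)]*)\)")
PATTERNS = (("ssdt", SSDT_RE), ("writeable", WRITEABLE_RE),
            ("user_hooks", USER_HOOK_RE), ("devices", DEVICE_RE))

# The report from this page, embedded so the script runs offline.
SAMPLE_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-25 13:49:14
---- System - GMER 1.0.15 ----
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeKey [0xF4FB014A]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeMultipleKeys [0xF4FB021A]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xF4FAFD7C]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwSuspendProcess [0xF4FAFF6A]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwSuspendThread [0xF4FB0000]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xF4FAFE32]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xF4FAFECE]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xF4FB009C]
---- Kernel code sections - GMER 1.0.15 ----
.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xF72AE000, 0x1C5D38, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text  D:\Program Files\Mozilla Firefox\firefox.exe[2916] ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 0176A650 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  D:\Program Files\Mozilla Firefox\firefox.exe[2916] kernel32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 019A7E1A D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  D:\Program Files\Mozilla Firefox\firefox.exe[2916] kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 7 Bytes  JMP 019A7DF7 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  D:\Program Files\Mozilla Firefox\firefox.exe[2916] kernel32.dll!ValidateLocale + B138  7C844930 7 Bytes  JMP 0176EDB3 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  D:\Program Files\Mozilla Firefox\firefox.exe[2916] GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 019A7D78 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
"""


def parse_gmer(text):
    """Split a GMER report into SSDT hooks, writeable sections, user hooks, devices."""
    findings = {kind: [] for kind, _ in PATTERNS}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                entry = {k: v.strip() for k, v in m.groupdict().items()}
                entry["section"] = section
                findings[kind].append(entry)
                break
    return findings


def hook_summary(findings):
    """Who owns the hooks? One driver owning every SSDT entry is the usual AV/HIPS shape."""
    return {
        "ssdt_by_driver": dict(Counter(h["driver"] for h in findings["ssdt"])),
        "user_hooks_by_module": dict(Counter(h["target_mod"] for h in findings["user_hooks"])),
        "devices_by_file": dict(Counter(d["file"] for d in findings["devices"])),
    }


def triage(findings):
    """Return the entries a human should look at; an empty list means nothing stood out."""
    issues = []
    for h in findings["ssdt"]:
        if h["vendor"] not in TRUSTED_VENDORS:
            issues.append(f"SSDT {h['func']} hooked by untrusted driver {h['driver']} [{h['vendor']}]")
    for d in findings["devices"]:
        if d["vendor"] not in TRUSTED_VENDORS:
            issues.append(f"{d['file']} attached to {d['device']} by untrusted vendor [{d['vendor']}]")
    for h in findings["user_hooks"]:
        # Heuristic (assumption): a module hooking from the process's own install
        # directory is the application patching itself; anything else gets a look.
        proc_dir = h["proc"].rsplit("\\", 1)[0].lower()
        in_own_dir = h["target_mod"].lower().startswith(proc_dir)
        if h["vendor"] not in TRUSTED_VENDORS or not in_own_dir:
            issues.append(f"{h['module']}!{h['export']} in {h['proc']}[{h['pid']}] "
                          f"JMPs to {h['target_mod']} [{h['vendor']}]")
    for w in findings["writeable"]:
        issues.append(f"kernel .text of {w['path']} is writeable (base {w['base']}, "
                      f"size {w['size']}); verify the driver's hash and signature")
    return issues


if __name__ == "__main__":
    found = parse_gmer(SAMPLE_LOG)
    print(hook_summary(found))
    for issue in triage(found):
        print("REVIEW:", issue)
```

Run against this report the script attributes all eight SSDT hooks to avgidsshimx.sys, all five user-mode hooks to xul.dll and all four attached devices to avgtdix.sys, and leaves a single item for manual review: the writeable ati2mtag.sys .text section, which should be settled by checking that file's hash and signature rather than by the log alone. Replace TRUSTED_VENDORS with the publishers you actually expect on the host before trusting the empty-list case.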