GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-13 16:49:55
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Hitachi_HTS541680J9SA00 rev.SB2OC70P
Running: wsyww476.exe; Driver: C:\Users\PAWE~1\AppData\Local\Temp\ugloapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x814D1F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x814D1FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x814D2080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x814D211C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 624 81D04C48 3 Bytes [3C, 1F, 4D] {CMP AL, 0x1f; DEC EBP}
.text ntkrnlpa.exe!KeSetTimerEx + 854 81D04E78 3 Bytes [E4, 1F, 4D] {IN AL, 0x1f; DEC EBP}
.text ntkrnlpa.exe!KeSetTimerEx + 858 81D04E7C 3 Bytes [80, 20, 4D] {AND BYTE [EAX], 0x4d}
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 81D04ED8 3 Bytes [1C, 21, 4D] {SBB AL, 0x21; DEC EBP}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----