GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-23 14:05:24
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 ST360015A rev.3.33 55,90GB
Running: 9j9c8p7m.exe; Driver: H:\DOCUME~1\Greg\USTAWI~1\Temp\kgrdipod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB1F1814A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB1F1821A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB1F17D7C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB1F17F6A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB1F18000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB1F17E32]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB1F17ECE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB1F1809C]

---- Kernel code sections - GMER 2.1 ----

.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6725380, 0x2F2537, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text H:\Program Files\Mozilla Firefox\plugin-container.exe[1052] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 1082FE5B H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\plugin-container.exe[1052] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 1082FDEA H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\plugin-container.exe[1052] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1045E982 H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\plugin-container.exe[1052] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 1045EE7F H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0158D180 H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2188] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 018D6B9C H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2188] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018D6B79 H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2188] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 0159F84B H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2188] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 018D6AFA H:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x98 0x36 0x3F 0x66 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x98 0x36 0x3F 0x66 ...

---- EOF - GMER 2.1 ----