GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-06 14:36:50
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JS-60MHB1 rev.10.02E02 149.05GB
Running: y6w9e7d0.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pftdypow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys          ZwNotifyChangeKey [0xB53FB14A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys          ZwNotifyChangeMultipleKeys [0xB53FB21A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys          ZwOpenProcess [0xB53FAD7C]
SSDT            \??\C:\WINDOWS\system32\drivers\avgtpx86.sys          ZwQueryValueKey [0xF76D81AE]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys          ZwSuspendProcess [0xB53FAF6A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys          ZwSuspendThread [0xB53FB000]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys          ZwTerminateProcess [0xB53FAE32]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys          ZwTerminateThread [0xB53FAECE]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys          ZwWriteVirtualMemory [0xB53FB09C]

---- Kernel code sections - GMER 2.1 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys              section is writeable [0xB9C8D380, 0x346307, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[3420] ntdll.dll!LdrLoadDll                      7C9163A3 5 Bytes  JMP 0171EEB0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3420] kernel32.dll!lstrlenW + 43                7C809ADC 7 Bytes  JMP 01D2979B C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3420] kernel32.dll!MapViewOfFileEx + 6A         7C80B990 7 Bytes  JMP 01D29778 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3420] kernel32.dll!ValidateLocale + B1E8        7C8449F8 7 Bytes  JMP 01724CE9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3420] GDI32.dll!SetDIBitsToDevice + 209         77F19E04 7 Bytes  JMP 01D296F9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4036] USER32.dll!GetWindowInfo         7E37C49C 5 Bytes  JMP 107F2A67 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4036] USER32.dll!GetMenuContextHelpId + 1A  7E3B5319 7 Bytes  JMP 107F306A C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                              avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp                             avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Udp                             avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp                           avgtdix.sys
AttachedDevice  \FileSystem\Fastfat \Fat                              fltMgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\@Parameters\0\x202e\x2764    140
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION  E77A25D084DB069ED23B33A72FC6AA9A56A681D2AE09CA6C128EF195F68DEDAE9A7C982EE30A0062AC9584FA3799207C6A51157B238EFCCF350ADC1B663446C188CC204E723FAA4AF486D301A8A9E4CB187D364D26CC59B73B92F78F1B55C90169E46FBAB7820DE1ADB0638EA53662F14B0DD90A12D4CB07977107BFC8F803ECD913BD6E60F072E63B057BECF18E43094FB87868644C0056A0C3537147B841BA5677C4D8BCB9694C6649E757F79A78E0568CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB3452C038D530D6EB3452FEBC9E127BECC74CB591BEC54FC0C46D5719908BF2934558BBBCF14B371D6C483ED6103B4417F156BACAD56EF5AE08CAD92DE1E32C9A1552DFC59170A67A0F061D5520E2F59156C7D9364C8E7746ADE6E54C9316677BBA98A7B6FE8E7AAE984748E87D6F13F2F89EE6FD48CFF830D700DFE9E77D2B3EC03326F3B559BC3E1B7424047907C8DD9349B63E97ED674D89A930F0C38DC41E12F7F5D1D017BA630E4C9B068D6603A6480A2484A8B9F0ADAB4AC2BD2E49448B0212B19A152284894A5D9C49535CF3D819760F57101788198A1E86A156CA7DA9C582FB8D65687051100E17960ACC93B06D77D92E05FDE50A56316D610C3E084F751CF8DACE6B968EFE1681AE942D992
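Triage helper for a log like the one above, added here as an example; it is not part of GMER and not code from the post. It parses the SSDT, kernel code section, user code section and AttachedDevice entries in GMER 2.1 line layout and groups them the way an analyst reads them: which driver files own the SSDT hooks, which filter drivers sit on a given driver object such as \Driver\Tcpip, and whether any user-mode inline JMP lands in a module outside the hooked program's own directory. The regular expressions, field names and the cross-directory heuristic are this example's own assumptions written against the line layout visible in the post; the sample input is a constructed subset of the posted entries, and Reg entries are deliberately left unparsed.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: entries copied from the GMER 2.1 log in the post above,
# one per line as GMER prints them (column padding collapsed). Not a complete log.
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeKey [0xB53FB14A]
SSDT  \??\C:\WINDOWS\system32\drivers\avgtpx86.sys  ZwQueryValueKey [0xF76D81AE]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0xB53FAE32]
---- Kernel code sections - GMER 2.1 ----
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB9C8D380, 0x346307, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3420] ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 0171EEB0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3420] kernel32.dll!lstrlenW + 43  7C809ADC 7 Bytes  JMP 01D2979B C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[4036] USER32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 107F2A67 C:\Program Files\Mozilla Firefox\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys
"""

# Line shapes as GMER 2.1 prints them (assumed from the post); column spacing varies.
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>\S+)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+?)!(?P<export>\w+)"
    r"(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<target_module>.+)$")
WRITEABLE_RE = re.compile(r"^\.text\s+(?P<image>.+?)\s+section is writeable\s+\[(?P<vals>[^\]]+)\]$")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(?P<driver_obj>\S+)\s+(?P<device>\S+)\s+(?P<filter>\S+)$")

@dataclass
class SsdtHook:
    driver: str
    function: str
    address: int

@dataclass
class UserHook:
    image: str
    pid: int
    module: str
    export: str
    offset: int          # export + offset is the patched address
    address: int
    patched_bytes: int
    target: int
    target_module: str   # where the JMP lands

@dataclass
class GmerReport:
    ssdt: list = field(default_factory=list)
    user_hooks: list = field(default_factory=list)
    writeable: list = field(default_factory=list)   # (image, [values]) tuples
    attached: list = field(default_factory=list)    # (driver object, device, filter) tuples
    other: list = field(default_factory=list)       # entries not covered above, e.g. Reg lines

def parse_gmer(text: str) -> GmerReport:
    rep = GmerReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank line or section header
        if m := SSDT_RE.match(line):
            rep.ssdt.append(SsdtHook(m["driver"], m["func"], int(m["addr"], 16)))
        elif m := USER_HOOK_RE.match(line):
            rep.user_hooks.append(UserHook(
                m["image"].strip(), int(m["pid"]), m["module"], m["export"],
                int(m["offset"], 16) if m["offset"] else 0, int(m["addr"], 16),
                int(m["nbytes"]), int(m["target"], 16), m["target_module"].strip()))
        elif m := WRITEABLE_RE.match(line):
            rep.writeable.append((m["image"], [v.strip() for v in m["vals"].split(",")]))
        elif m := ATTACHED_RE.match(line):
            rep.attached.append((m["driver_obj"], m["device"], m["filter"]))
        else:
            rep.other.append(line)  # never drop a finding silently
    return rep

def ssdt_hooks_by_driver(rep: GmerReport) -> dict:
    """Group SSDT hooks by hooking driver file name: many entries, few modules to identify."""
    by = defaultdict(list)
    for h in rep.ssdt:
        by[ntpath.basename(h.driver).lower()].append(h.function)
    return {drv: sorted(funcs) for drv, funcs in sorted(by.items())}

def cross_directory_user_hooks(rep: GmerReport) -> list:
    """Heuristic: a JMP into a module outside the hooked image's directory needs a closer look."""
    return [h for h in rep.user_hooks
            if ntpath.dirname(h.image).lower() != ntpath.dirname(h.target_module).lower()]

def filters_on(rep: GmerReport, driver_object: str) -> list:
    """Filter drivers GMER saw attached to a driver object such as \\Driver\\Tcpip."""
    return sorted({flt for obj, _dev, flt in rep.attached if obj.lower() == driver_object.lower()})

if __name__ == "__main__":
    report = parse_gmer(SAMPLE_LOG)
    for drv, funcs in ssdt_hooks_by_driver(report).items():
        print(f"SSDT hooks from {drv}: {', '.join(funcs)}")
    print("Filters on \\Driver\\Tcpip:", filters_on(report, r"\Driver\Tcpip"))
    print("Cross-directory user-mode hooks:", cross_directory_user_hooks(report))
    print("Writeable kernel code sections:", [img for img, _ in report.writeable])
```

To run it over a real GMER log, pass the file contents to parse_gmer instead of SAMPLE_LOG. Whatever the regexes do not recognise ends up in `other`, so an unusual entry shows up in the output rather than disappearing; whether a grouped module is legitimate (a vendor's own driver, a browser's own DLL) remains the analyst's decision, the script only arranges the evidence.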