GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-02 15:09:00
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-10 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: l15n8exx.exe; Driver: H:\DOCUME~1\Patryk\USTAWI~1\Temp\pxddifob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwOpenProcess [0xBABB9738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwTerminateProcess [0xBABB97DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwTerminateThread [0xBABB9878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwWriteVirtualMemory [0xBABB9914]

---- Kernel code sections - GMER 2.1 ----

.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9F51360, 0x37319D, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text H:\Program Files\Pando Networks\Media Booster\PMB.exe[1216] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text H:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[4964] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0143E9A9 H:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text H:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[4964] kernel32.dll!lstrlenW + 43 7C809A6C 7 Bytes JMP 01EB0D95 H:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text H:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[4964] kernel32.dll!MapViewOfFileEx + 6A 7C80B920 7 Bytes JMP 01EB0DDD H:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text H:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[4964] kernel32.dll!ValidateLocale + B088 7C844808 7 Bytes JMP 01443D66 H:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text H:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[4964] GDI32.dll!SetDIBitsToDevice + 208 77F19214 7 Bytes JMP 01EB0E04 H:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text H:\Program Files\Mozilla Firefox\plugin-container.exe[5320] USER32.dll!DefWindowProcA + 11A 7E36D5F0 7 Bytes JMP 10606007 H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\plugin-container.exe[5320] USER32.dll!SetWindowLongA + 19 7E36D60E 7 Bytes JMP 10606078 H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\plugin-container.exe[5320] USER32.dll!GetWindowInfo 7E36DE7C 5 Bytes JMP 10609DDF H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\plugin-container.exe[5320] USER32.dll!GetMenuContextHelpId + 1A 7E3B5269 7 Bytes JMP 10603789 H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[5504] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 016EDFF0 H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[5504] kernel32.dll!lstrlenW + 43 7C809A6C 7 Bytes JMP 01E79796 H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[5504] kernel32.dll!MapViewOfFileEx + 6A 7C80B920 7 Bytes JMP 01E79773 H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[5504] kernel32.dll!ValidateLocale + B088 7C844808 7 Bytes JMP 016F5F1A H:\Program Files\Mozilla Firefox\xul.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[5504] GDI32.dll!SetDIBitsToDevice + 208 77F19214 7 Bytes JMP 01E796F4 H:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0x3F 0xC8 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4B 0xCB 0x3E 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0xF2 0x5F 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0x3F 0xC8 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4B 0xCB 0x3E 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0xF2 0x5F 0x61 ...

---- EOF - GMER 2.1 ----