GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-20 09:28:11
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS545025B9A300 rev.PB2ZC61H 232,89GB
Running: 41e8rznq.exe; Driver: C:\Users\Goska\AppData\Local\Temp\fwddqkow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeKey [0x8E31F690]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeMultipleKeys [0x8E31F7B0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0x8E31F010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenThread [0x8E31F490]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendProcess [0x8E31F2D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendThread [0x8E31F3B0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0x8E31F110]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateThread [0x8E31F1F0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwWriteVirtualMemory [0x8E31F590]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D      82840A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2        8287A212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1357           828816EC 8 Bytes  [90, F6, 31, 8E, B0, F7, 31, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 139F           82881734 4 Bytes  [10, F0, 31, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 13BF           82881754 4 Bytes  [90, F4, 31, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 165F           828819F4 8 Bytes  [D0, F2, 31, 8E, B0, F3, 31, ...] {SAL DL, 0x1; XOR [ESI-0x71ce0c50], ECX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F           82881A04 8 Bytes  [10, F1, 31, 8E, F0, F1, 31, ...] {ADC CL, DH; XOR [ESI-0x71ce0e10], ECX}
.text           ...                                           

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                       avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                       avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                     avgtdix.sys
AttachedDevice  \FileSystem\fastfat \Fat                      fltmgr.sys

---- EOF - GMER 2.1 ----