GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-24 12:24:09 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 SAMSUNG_ rev.JF10 149,05GB Running: z7e9p8nq.exe; Driver: C:\DOCUME~1\WIERSZ~1\USTAWI~1\Temp\pgxoapoc.sys ---- System - GMER 2.1 ---- SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwEnumerateKey [0xAE119342] SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwEnumerateValueKey [0xAE1193F2] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB83D96E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB83D9800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB83D9010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xB83D94D0] SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xAE11922A] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB83D9300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB83D93E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB83D9120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB83D9210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB83D95E0] ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB4D8A3C0, 0x83D7BA, 0xE8000020] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{E5A1C8D2-AB9D-4237-BD85-0977705DE968}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet003\Control\Video\{E5A1C8D2-AB9D-4237-BD85-0977705DE968}\0000@D3D_\x3332\x3331 2089309684 ---- EOF - GMER 2.1 ----