GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-25 23:22:17
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 HDT722516DLAT80 rev.V43OA96A
Running: p8f9vwzx.exe; Driver: C:\DOCUME~1\PAWE~1\USTAWI~1\Temp\uwtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeKey [0xF71D914A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeMultipleKeys [0xF71D921A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xF71D8D7C]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwSuspendProcess [0xF71D8F6A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwSuspendThread [0xF71D9000]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xF71D8E32]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xF71D8ECE]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xF71D909C]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2768                                                                                         80501FA0 5 Bytes  [32, 8E, 1D, F7, CE]
.text           ntkrnlpa.exe!ZwCallbackReturn + 276E                                                                                         80501FA6 2 Bytes  [1D, F7]
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                     section is writeable [0xF72C0000, 0x1C5D38, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----