GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-08 08:35:19
Windows 5.1.2600 Service Pack 3 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19 ST3808110AS rev.3.AAD 74,53GB
Running: gmer.exe; Driver: C:\DOCUME~1\Kadr\USTAWI~1\Temp\fxtdqpob.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeKey [0xF79916E0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeMultipleKeys [0xF7991800]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0xF7991010]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenThread [0xF79914D0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendProcess [0xF7991300]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendThread [0xF79913E0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0xF7991120]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateThread [0xF7991210]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwWriteVirtualMemory [0xF79915E0]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtCreateFile  7C90D0AE  3 Bytes  JMP 0191C420  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtCreateFile + 4  7C90D0B2  1 Byte  [85]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtFlushBuffersFile  7C90D32E  5 Bytes  JMP 018F1594  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtQueryFullAttributesFile  7C90D7AE  5 Bytes  JMP 018F12B0  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtReadFile  7C90D9CE  5 Bytes  JMP 018F1490  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtReadFileScatter  7C90D9DE  5 Bytes  JMP 022497EB  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtWriteFile  7C90DF7E  3 Bytes  JMP 0191D2F0  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtWriteFile + 4  7C90DF82  1 Byte  [85]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtWriteFileGather  7C90DF8E  5 Bytes  JMP 0224979A  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!LdrLoadDll  7C91632D  5 Bytes  JMP 10001F43  C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  kernel32.dll!lstrlenW + 43  7C809AEC  7 Bytes  JMP 021B0122  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0  7 Bytes  JMP 021B00FF  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  kernel32.dll!ValidateLocale + B648  7C844EE0  7 Bytes  JMP 01918F84  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  USER32.dll!GetWindowInfo  7E37C49C  5 Bytes  JMP 020B68B0  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  GDI32.dll!SetDIBitsToDevice + 20A  77F19E14  7 Bytes  JMP 021B0080  C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeLow  -29086668
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeHigh  30407307

---- EOF - GMER 2.1 ----
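The first thing an analyst does with a log like this is regroup it by the module that owns each hook, because the question is never "are there hooks?" (every endpoint security product installs some) but "does every hooking module belong to something I expect on this machine?". The parser below is an added example, not part of the GMER output above and not a GMER component: it reads the four sections (SSDT, user-mode .text patches, AttachedDevice, Reg) and produces a per-module view, so the reader can see directly that all nine SSDT handlers resolve to a single driver path under \SystemRoot\system32\DRIVERS, that every JMP in firefox.exe[2524] lands in xul.dll or mozglue.dll inside the Firefox install directory, that the two 1-byte patches with no JMP target stay listed rather than being silently dropped, and that the TCP/IP device stack carries one attached filter driver. The column regexes, field names and the two-space separators in the embedded sample (re-keyed from the scan above) are my assumptions about GMER's layout; the patterns accept single spaces as well, so the flattened text works too. Whether each owner is legitimate is still the analyst's call; the script only makes the attribution explicit.

```python
"""Group the hooks in a GMER 2.1 log by the module that installed them (added example)."""
import re
from collections import defaultdict

# Constructed input: the scan on this page, re-keyed with GMER's two-space
# column separators. Not a live capture of another machine.
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeKey [0xF79916E0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeMultipleKeys [0xF7991800]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0xF7991010]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenThread [0xF79914D0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendProcess [0xF7991300]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendThread [0xF79913E0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0xF7991120]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateThread [0xF7991210]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwWriteVirtualMemory [0xF79915E0]
---- User code sections - GMER 2.1 ----
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtCreateFile  7C90D0AE  3 Bytes  JMP 0191C420  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtCreateFile + 4  7C90D0B2  1 Byte  [85]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtFlushBuffersFile  7C90D32E  5 Bytes  JMP 018F1594  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtQueryFullAttributesFile  7C90D7AE  5 Bytes  JMP 018F12B0  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtReadFile  7C90D9CE  5 Bytes  JMP 018F1490  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtReadFileScatter  7C90D9DE  5 Bytes  JMP 022497EB  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtWriteFile  7C90DF7E  3 Bytes  JMP 0191D2F0  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtWriteFile + 4  7C90DF82  1 Byte  [85]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!NtWriteFileGather  7C90DF8E  5 Bytes  JMP 0224979A  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  ntdll.dll!LdrLoadDll  7C91632D  5 Bytes  JMP 10001F43  C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  kernel32.dll!lstrlenW + 43  7C809AEC  7 Bytes  JMP 021B0122  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0  7 Bytes  JMP 021B00FF  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  kernel32.dll!ValidateLocale + B648  7C844EE0  7 Bytes  JMP 01918F84  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  USER32.dll!GetWindowInfo  7E37C49C  5 Bytes  JMP 020B68B0  C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2524]  GDI32.dll!SetDIBitsToDevice + 20A  77F19E14  7 Bytes  JMP 021B0080  C:\Program Files\Mozilla Firefox\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys
---- Registry - GMER 2.1 ----
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeLow  -29086668
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeHigh  30407307
---- EOF - GMER 2.1 ----
"""

# Column layouts below are assumptions about GMER's text format; \s+ tolerates one or many spaces.
_SSDT = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<symbol>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
_USER = re.compile(r"^\.text\s+(?P<process>.+?\[\d+\])\s+"
                   r"(?P<symbol>\S+!\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
                   r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$")
_JMP = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<module>.+)$")
_DEVICE = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)$")
_REG = re.compile(r"^Reg\s+(?P<key>.+?)@(?P<value>\S+)\s+(?P<data>.+)$")


def _basename(path):
    """Last component of a Windows path; string-based so it also works on non-Windows hosts."""
    return path.strip().rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Split a GMER log into SSDT hooks, user-mode patches, device attachments and registry rows."""
    report = {"ssdt": [], "user": [], "devices": [], "reg": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):          # blank lines and section banners
            continue
        if m := _SSDT.match(line):
            report["ssdt"].append({"module": _basename(m["module"]), "path": m["module"],
                                   "symbol": m["symbol"], "handler": m["addr"]})
        elif m := _USER.match(line):
            entry = {"process": _basename(m["process"]), "symbol": m["symbol"], "addr": m["addr"],
                     "size": int(m["size"]), "module": None, "target": None}
            if j := _JMP.match(m["patch"]):
                entry["module"], entry["target"] = _basename(j["module"]), j["target"]
            else:
                entry["bytes"] = m["patch"]             # inline patch with no JMP, e.g. "[85]"
            report["user"].append(entry)
        elif m := _DEVICE.match(line):
            report["devices"].append({"driver": m["driver"], "device": m["device"], "module": m["module"]})
        elif m := _REG.match(line):
            report["reg"].append({"key": m["key"], "value": m["value"], "data": m["data"]})
        else:
            report["unparsed"].append(line)             # never drop a line the parser did not understand
    return report


def hooks_by_module(report):
    """Map each hooking module (basename) to a sorted list of (where, what) pairs it hooks."""
    grouped = defaultdict(list)
    for h in report["ssdt"]:
        grouped[h["module"]].append(("SSDT", h["symbol"]))
    for h in report["user"]:
        owner = h["module"] or "<inline byte patch, no JMP target>"
        grouped[owner].append((h["process"], h["symbol"]))
    for d in report["devices"]:
        grouped[d["module"]].append((d["driver"], d["device"]))
    return {mod: sorted(hooks) for mod, hooks in grouped.items()}


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    for mod, hooks in hooks_by_module(rep).items():
        print(f"{mod}: {len(hooks)} hook(s)")
        for where, what in hooks:
            print(f"    {where:24} {what}")
    print("unparsed lines:", len(rep["unparsed"]))
```

Run it against a saved GMER log by replacing SAMPLE_LOG with the file contents; the owner names it prints (driver basenames for SSDT and device filters, DLL basenames for in-process JMPs) are what you then verify against the installed security product and the application's own install directory, and any owner you cannot account for, or any line that lands in "unparsed", is where to look next.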