GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-02 22:08:50
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c SAMSUNG_SP0812C rev.SU100-30 74,56GB
Running: k7ln0d9i.exe; Driver: C:\DOCUME~1\ASIA~1.KOM\USTAWI~1\Temp\pxtdqpow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xA71126E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xA7112800]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xA7112010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xA71124D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xA7112300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xA71123E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xA7112120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xA7112210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xA71125E0]

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF3B2D000, 0x2A1564, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 018E9AE0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 018CC434 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 018CC150 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 018CC330 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 022EF60F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 018EA9F0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 022EF5BE C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 02214AC3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 2 Bytes JMP 02214AA0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] kernel32.dll!MapViewOfFileEx + 6D 7C80B9A3 4 Bytes [A0, 85, EB, F9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 018E63D0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 0210B991 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1512] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 02214A21 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys

---- Files - GMER 2.1 ----

File C:\Documents and Settings\Asia.KOMP\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\fz4yvmkj.default\cache2\entries\E6BCA265A54BF4E1C58C76DFC5FD587AB0237823 272 bytes
File C:\Documents and Settings\Asia.KOMP\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\fz4yvmkj.default\cache2\entries\A8BED745F465DCD3E9CBB19AB47120C28C25BC8F 3505 bytes
File C:\Documents and Settings\Asia.KOMP\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\fz4yvmkj.default\cache2\entries\03A34805D69D852E6B8E69917F36A2BBA4727678 3573 bytes

---- EOF - GMER 2.1 ----