GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-12-07 13:48:06 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT F7C5FA84 ZwCreateThread SSDT F7C5FA70 ZwOpenProcess SSDT F7C5FA75 ZwOpenThread SSDT F7C5FA7F ZwTerminateProcess SSDT F7C5FA7A ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.14 ---- PAGENDSM NDIS.sys!NdisMIndicateStatus F7368A5F 6 Bytes JMP EED76AC0 \SystemRoot\System32\Drivers\fwdrv.sys ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EED76820] \SystemRoot\System32\Drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EED7683B] \SystemRoot\System32\Drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EED768CB] \SystemRoot\System32\Drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EED768CB] \SystemRoot\System32\Drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EED7683B] \SystemRoot\System32\Drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EED76820] \SystemRoot\System32\Drivers\fwdrv.sys ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH) AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH) Device \FileSystem\Cdfs \Cdfs F77DB400 ---- Threads - GMER 1.0.14 ---- Thread 4:920 B802A30C Thread 4:3796 B802A30C ---- Disk sectors - GMER 1.0.14 ---- Disk \Device\Harddisk0\DR0 sector 62: copy of MBR ---- EOF - GMER 1.0.14 ----