GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-24 13:09:02
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS424040M9AT00 rev.MA2OA71A 37,26GB
Running: zt0sdcnc.exe; Driver: C:\DOCUME~1\Tomek\USTAWI~1\Temp\uglciuog.sys

---- System - GMER 2.2 ----

INT 0x62 ? 86FDACB8
INT 0x63 ? 86E08CB8
INT 0x82 ? 86FDACB8
INT 0xA4 ? 86E08CB8
INT 0xB4 ? 86E08CB8
INT 0xB4 ? 86E08CB8

---- Kernel code sections - GMER 2.2 ----

.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF775F774]
? C:\WINDOWS\System32\Drivers\aodu0ew9.SYS suspicious PE modification
.text C:\Program Files\Alcohol Soft\Alcohol 120\Alcoholx.dll section is writeable [0x10001000, 0x152A2, 0xE0000020]

---- Devices - GMER 2.2 ----

Device \FileSystem\Ntfs \Ntfs 86FD91F8
Device \Driver\usbuhci \Device\USBPDO-0 86B191F8
Device \Driver\usbuhci \Device\USBPDO-1 86B191F8
Device \Driver\usbuhci \Device\USBPDO-2 86B191F8
Device \Driver\usbehci \Device\USBPDO-3 86B181F8
Device \Driver\PCI_PNP6198 \Device\00000055 sptd.sys
Device \Driver\Cdrom \Device\CdRom0 86A181F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F761EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F761EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F761EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F761EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{3911E4E5-1DB5-4F8B-88EA-401934FFA1D0} 86B5A440
Device \Driver\NetBT \Device\NetBt_Wins_Export 86B5A440
Device \Driver\NetBT \Device\NetbiosSmb 86B5A440
Device \Driver\usbuhci \Device\USBFDO-0 86B191F8
Device \Driver\usbuhci \Device\USBFDO-1 86B191F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B78440
Device \Driver\usbuhci \Device\USBFDO-2 86B191F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3C595B3A-61B4-4501-B952-0458B5E44BA4} 86B5A440
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B78440
Device \Driver\usbehci \Device\USBFDO-3 86B181F8
Device \Driver\aodu0ew9 \Device\Scsi\aodu0ew91 86D821F8
Device \FileSystem\Cdfs \Cdfs 86C2D440