GMER 1.0.15.15315 - http://www.gmer.net
Rootkit scan 2010-10-14 13:31:50
Windows 5.1.2600 Dodatek Service Pack. 1
Running: bg3xiy5y.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF2FBB620]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 510 8050298C 4 Bytes [20, B6, FB, F2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 YzIdiot.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 ntoskrnl.exe (Jądro i system NT/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 YzIdiot.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 ntoskrnl.exe (Jądro i system NT/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 YzIdiot.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 ntoskrnl.exe (Jądro i system NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR

---- EOF - GMER 1.0.15 ----