GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-14 23:16:02
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\0000005d SAMSUNG_HD251HJ rev.1AC01113 232,89GB
Running: guszwbdo.exe; Driver: C:\DOCUME~1\ANNA\USTAWI~1\Temp\fgnyrpow.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeKey [0xBA4B15D0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeMultipleKeys [0xBA4B1700]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0xBA4B1010]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendProcess [0xBA4B1300]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendThread [0xBA4B13E0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0xBA4B1120]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateThread [0xBA4B1210]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwWriteVirtualMemory [0xBA4B14D0]

---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xB9694000, 0x1A51FA, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SOFTWARE\Classes\Microsoft.PowerShellScript.1\shell\Uruchom za pomocą programu PowerShell
Reg  HKLM\SOFTWARE\Classes\Microsoft.PowerShellScript.1\shell\Uruchom za pomocą programu PowerShell\command
Reg  HKLM\SOFTWARE\Classes\Microsoft.PowerShellScript.1\shell\Uruchom za pomocą programu PowerShell\command@  "C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe" "-file" "%1"

---- EOF - GMER 2.1 ----