GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-30 19:12:16
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 0,00MB
Running: gmer.exe; Driver: C:\DOCUME~1\AMP\USTAWI~1\Temp\pxtdypog.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeKey [0xBA4596E0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeMultipleKeys [0xBA459800]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0xBA459010]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenThread [0xBA4594D0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendProcess [0xBA459300]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendThread [0xBA4593E0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0xBA459120]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateThread [0xBA459210]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwWriteVirtualMemory [0xBA4595E0]

INT 0x63  ?  8ADCBCB8
INT 0x63  ?  8ADCBCB8
INT 0x63  ?  8ADCBCB8
INT 0x63  ?  8ADCBCB8
INT 0x63  ?  8ADCBCB8
INT 0x73  ?  8AC20CB8
INT 0x94  ?  8AC20CB8
INT 0x94  ?  8AC20CB8
INT 0x94  ?  8AC20CB8
INT 0x94  ?  8AC20CB8
INT 0x94  ?  8AC20CB8
INT 0xA4  ?  8AC20CB8
INT 0xB4  ?  8AC20CB8

---- Kernel code sections - GMER 2.1 ----

.sptd1  C:\WINDOWS\system32\drivers\sptd.sys  entry point in ".sptd1" section [0xB9F82FEE]

---- Devices - GMER 2.1 ----

Device  \FileSystem\Ntfs  \Ntfs  8ADCA1F8
AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys
Device  \Driver\NetBT  \Device\NetBT_Tcpip_{DBC10D13-2A22-40FD-93CD-4AD4951C472A}  89BB01F8
Device  \Driver\usbehci  \Device\USBPDO-0  8AC111F8
Device  \Driver\usbuhci  \Device\USBPDO-1  8AB631F8
Device  \Driver\usbuhci  \Device\USBPDO-2  8AB631F8
Device  \Driver\usbuhci  \Device\USBPDO-3  8AB631F8
Device  \Driver\usbuhci  \Device\USBPDO-4  8AB631F8
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys
Device  \Driver\usbuhci  \Device\USBPDO-5  8AB631F8
Device  \Driver\usbuhci  \Device\USBPDO-6  8AB631F8
Device  \Driver\usbehci  \Device\USBPDO-7  8AC111F8
Device  \Driver\Cdrom  \Device\CdRom0  8ABD51F8
Device  \Driver\atapi  \Device\Ide\IdeDeviceP0T0L0-3  [B9E40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi  \Device\Ide\IdePort0  [B9E40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi  \Device\Ide\IdePort1  [B9E40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi  \Device\Ide\IdePort2  [B9E40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi  \Device\Ide\IdePort3  [B9E40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi  \Device\Ide\IdeDeviceP1T0L0-e  [B9E40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\NetBT  \Device\NetBt_Wins_Export  89BB01F8
Device  \Driver\usbstor  \Device\00000083  89C64440
Device  \Driver\usbstor  \Device\00000085  89C64440
Device  \Driver\NetBT  \Device\NetbiosSmb  89BB01F8
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys
Device  \Driver\usbuhci  \Device\USBFDO-0  8AB631F8
Device  \Driver\usbuhci  \Device\USBFDO-1  8AB631F8
Device  \FileSystem\MRxSmb  \Device\LanmanDatagramReceiver  8AAEE440
Device  \Driver\usbuhci  \Device\USBFDO-2  8AB631F8
Device  \FileSystem\MRxSmb  \Device\LanmanRedirector  8AAEE440
Device  \Driver\usbehci  \Device\USBFDO-3  8AC111F8
Device  \Driver\usbuhci  \Device\USBFDO-4  8AB631F8
Device  \Driver\usbuhci  \Device\USBFDO-5  8AB631F8
Device  \Driver\usbuhci  \Device\USBFDO-6  8AB631F8
Device  \Driver\usbehci  \Device\USBFDO-7  8AC111F8
Device  \FileSystem\Cdfs  \Cdfs  8AC32440

---- Registry - GMER 2.1 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAAF95D1-E931-E0AE-7F91-193F46ACB748}

---- Files - GMER 2.1 ----

File  C:\WINDOWS\Tasks\Adobe Flash Player Updater.job  930 bytes
File  C:\WINDOWS\Tasks\desktop.ini  65 bytes
File  C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job  1032 bytes
File  C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job  1036 bytes
File  C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job  212 bytes
File  C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job  218 bytes
File  C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job  370 bytes
File  C:\WINDOWS\Tasks\SA.DAT  0 bytes

---- EOF - GMER 2.1 ----
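Reading the log: all nine SSDT hooks resolve into avgidsshimx.sys and all four TDI attachments (\Device\Ip, \Device\Tcp, \Device\Udp, \Device\RawIp) into avgtdix.sys, both AVG components, so those are expected for a machine running AVG. The ".sptd1" kernel code section belongs to sptd.sys, the SCSI pass-through driver shipped with Daemon Tools and Alcohol; it routinely shows up in GMER output. The "INT ... ?" lines are IDT entries whose handler GMER could not attribute to a loaded module. The entries a practitioner should verify first are the six atapi.sys devices whose dispatch pointer resolves to the same address, B9E40B40, inside atapi.sys but outside any named PE section ("[unknown section]"): the log alone does not say whether that code is legitimate, so the check is to compare atapi.sys on disk against a known-good copy and inspect the MBR and boot sectors before drawing a conclusion. The following parser is an added example, not part of this log or of GMER; it pulls exactly those groupings out of a GMER 2.1 log. The sample lines are a constructed subset of the entries above, and the column layout the regular expressions assume (whitespace-separated fields, hook address in square brackets, disassembly in braces) is inferred from this log rather than taken from a GMER specification.

```python
"""Parse a GMER 2.1 rootkit-scan log and pull out the entries worth checking."""
import re
from collections import defaultdict

# Constructed sample in the layout of the GMER log above (a subset of its entries).
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0xBA459010]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0xBA459120]
INT 0x63  ?  8ADCBCB8
INT 0x73  ?  8AC20CB8

---- Devices - GMER 2.1 ----

Device  \FileSystem\Ntfs  \Ntfs  8ADCA1F8
AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys
Device  \Driver\atapi  \Device\Ide\IdePort0  [B9E40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi  \Device\Ide\IdePort1  [B9E40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\usbstor  \Device\00000083  89C64440

---- EOF - GMER 2.1 ----
"""

# Record layouts inferred from the log above (assumption, not a GMER spec).
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER 2\.1 ----$")
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
INT_RE = re.compile(r"^INT\s+0x(?P<vector>[0-9A-Fa-f]+)\s+(?P<owner>\S+)\s+(?P<addr>[0-9A-Fa-f]+)$")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<filter>\S+)$")
DEVICE_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    # Either a plain device-object address, or a hooked dispatch: [addr] module[section] {disasm}
    r"(?:(?P<addr>[0-9A-Fa-f]+)"
    r"|\[(?P<hook_addr>[0-9A-Fa-f]+)\]\s+(?P<module>[^\[\s]+)\[(?P<section>[^\]]*)\]"
    r"(?:\s+\{(?P<disasm>.*)\})?)$"
)
RECORD_TYPES = (("ssdt", SSDT_RE), ("int", INT_RE), ("attached", ATTACHED_RE), ("device", DEVICE_RE))


def module_name(path):
    """Strip the directory from a Windows path: \\SystemRoot\\...\\x.sys -> x.sys."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Turn log lines into dicts; lines of an unknown layout are kept as kind='other'."""
    log_section, records = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            log_section = m.group("name")
            continue
        for kind, rx in RECORD_TYPES:
            m = rx.match(line)
            if m:
                rec = {"kind": kind, "log_section": log_section}
                rec.update(m.groupdict())
                records.append(rec)
                break
        else:
            records.append({"kind": "other", "log_section": log_section, "text": line})
    return records


def triage(records):
    """Group the records the way an analyst reads them."""
    ssdt_by_module, filters, hooked = defaultdict(list), defaultdict(list), defaultdict(list)
    unattributed_int, unknown_section = [], []
    for r in records:
        if r["kind"] == "ssdt":                       # who owns each SSDT hook
            ssdt_by_module[module_name(r["module"])].append(r["func"])
        elif r["kind"] == "int" and r["owner"] == "?":  # IDT handlers GMER could not attribute
            unattributed_int.append("0x" + r["vector"])
        elif r["kind"] == "attached":                 # filter drivers sitting on device stacks
            filters[r["filter"]].append(r["device"])
        elif r["kind"] == "device" and r.get("hook_addr"):
            hooked[r["hook_addr"]].append(r["device"])  # devices sharing one patched dispatch
            if r.get("section") == "unknown section":
                unknown_section.append(r)             # code outside any named PE section
    return {
        "ssdt_by_module": dict(ssdt_by_module),
        "unattributed_int_vectors": unattributed_int,
        "filter_drivers": dict(filters),
        "hooked_dispatch": dict(hooked),
        "unknown_section_devices": unknown_section,
    }


if __name__ == "__main__":
    summary = triage(parse_gmer(SAMPLE_LOG))
    for module, funcs in summary["ssdt_by_module"].items():
        print(f"SSDT hooks by {module}: {', '.join(funcs)}")
    print("Unattributed IDT handlers:", ", ".join(summary["unattributed_int_vectors"]))
    for filt, devs in summary["filter_drivers"].items():
        print(f"Filter {filt} attached to: {', '.join(devs)}")
    for addr, devs in summary["hooked_dispatch"].items():
        print(f"Dispatch hooked at {addr} on {len(devs)} device(s)")
    for r in summary["unknown_section_devices"]:
        print(f"CHECK: {r['device']} -> {r['module']} [{r['section']}] at {r['hook_addr']}")
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; lines the regexes do not recognise (the Files and Registry sections, for instance) come back as kind "other" rather than being dropped, so nothing in the log is silently ignored. Grouping hooked devices by address is deliberate: six devices of one driver all pointing at the same out-of-section address is one finding to investigate, not six.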