GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-09 17:08:36
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid2Port3Path0Target0Lun0 ST316082 rev.3.42 149,05GB
Running: ogsydww3.exe; Driver: C:\DOCUME~1\Kamil\USTAWI~1\Temp\pxtdqpow.sys

---- System - GMER 2.2 ----

SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeKey [0xB11D36F0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeMultipleKeys [0xB11D3820]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0xB11D3010]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenThread [0xB11D34E0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendProcess [0xB11D3300]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendThread [0xB11D33F0]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0xB11D3120]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateThread [0xB11D3210]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwWriteVirtualMemory [0xB11D35F0]

INT 0x06  \??\C:\WINDOWS\system32\drivers\Haspnt.sys  B66B416D
INT 0x0E  \??\C:\WINDOWS\system32\drivers\Haspnt.sys  B66B3FC2

---- Kernel code sections - GMER 2.2 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB6EF83C0, 0x7FDE3A, 0xE8000020]
.text  C:\WINDOWS\system32\drivers\hardlock.sys  section is writeable [0xAE437400, 0x87EE2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAE4DB620]  C:\WINDOWS\system32\drivers\hardlock.sys  entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAE4DB620]
.protect˙˙˙˙hardlockunknown last code section [0xAE4DB400, 0x5126, 0xE0000020]  C:\WINDOWS\system32\drivers\hardlock.sys  unknown last code section [0xAE4DB400, 0x5126, 0xE0000020]

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\CCleaner\CCleaner.exe[2016] USER32.dll!SetScrollInfo  7E369056 5 Bytes  JMP 00506FAE C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[2016] USER32.dll!GetScrollInfo  7E37DFE2 5 Bytes  JMP 00506EF8 C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[2016] USER32.dll!ShowScrollBar  7E37F2F2 5 Bytes  JMP 00506F31 C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[2016] USER32.dll!GetScrollPos  7E37F704 5 Bytes  JMP 00506ECD C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[2016] USER32.dll!SetScrollPos  7E37F750 5 Bytes  JMP 00506E64 C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[2016] USER32.dll!GetScrollRange  7E37F787 5 Bytes  JMP 00506E8F C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[2016] USER32.dll!SetScrollRange  7E37F99B 5 Bytes  JMP 00506F71 C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[2016] USER32.dll!EnableScrollBar  7E3B8005 5 Bytes  JMP 00506FE8 C:\Program Files\CCleaner\CCleaner.exe

---- Devices - GMER 2.2 ----

AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{6752FC50-4813-4DBC-9AF6-BB9495D0DCDC}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{75992378-8188-4B12-8D4C-D019B69B3ABB}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{F2332008-9706-41A9-B7E2-82DFF56F9A6E}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0x22 0x83 0x5A 0x98 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0  C:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\Control\Video\{6752FC50-4813-4DBC-9AF6-BB9495D0DCDC}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\ControlSet002\Control\Video\{75992378-8188-4B12-8D4C-D019B69B3ABB}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\ControlSet002\Control\Video\{F2332008-9706-41A9-B7E2-82DFF56F9A6E}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0x22 0x83 0x5A 0x98 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0  C:\Program Files\DAEMON Tools Lite\

---- EOF - GMER 2.2 ----