Prosim o pomoc. AVG mi nachazi rootkit, kdyz ho odstranim, objevi se znovu. Zasilam zde vypisy z logu.
Rootkit Revealer bohuzel se pokazde pri ukladani logu zatuhne.
Blacklight
02/08/10 20:49:10 [Info]: BlackLight Engine 2.2.1092 initialized
02/08/10 20:49:10 [Info]: OS: 5.1 build 2600 (Service Pack 3)
02/08/10 20:49:10 [Note]: 7019 4
02/08/10 20:49:10 [Note]: 7005 0
02/08/10 20:49:26 [Note]: 7006 0
02/08/10 20:49:26 [Note]: 7011 512
02/08/10 20:49:26 [Note]: 7035 0
02/08/10 20:49:26 [Note]: 7026 0
02/08/10 20:49:27 [Note]: 7026 0
02/08/10 20:49:32 [Note]: FSRAW library version 1.7.1024
02/08/10 20:52:06 [Note]: 2000 1012
02/08/10 20:52:06 [Note]: 2000 1012
02/08/10 20:52:06 [Note]: 2000 1012
02/08/10 20:53:29 [Note]: 7007 0
Gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-08 22:19:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\pgldqpoc.sys
---- System - GMER 1.0.15 ----
SSDT spwl.sys ZwCreateKey [0xF73D50E0]
SSDT spwl.sys ZwEnumerateKey [0xF73EDDA4]
SSDT spwl.sys ZwEnumerateValueKey [0xF73EE132]
SSDT spwl.sys ZwOpenKey [0xF73D50C0]
SSDT spwl.sys ZwQueryKey [0xF73EE20A]
SSDT spwl.sys ZwQueryValueKey [0xF73EE08A]
SSDT spwl.sys ZwSetValueKey [0xF73EE29C]
INT 0x62 ? 843E2BF8
INT 0x63 ? 83FE2BF8
INT 0x63 ? 83FE2BF8
INT 0x63 ? 83FE2BF8
INT 0x63 ? 83FE2BF8
INT 0x63 ? 83FE2BF8
INT 0x82 ? 843E2BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 169 804E27C5 3 Bytes [DD, 3E, F7]
? spwl.sys Systém nemůže nalézt uvedený soubor. !
? RecAgent.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload F68BA8AC 5 Bytes JMP 83FE21D8
.text akyui6wl.SYS F63E8386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text akyui6wl.SYS F63E83AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text akyui6wl.SYS F63E83C4 3 Bytes [00, 80, 02]
.text akyui6wl.SYS F63E83C9 1 Byte [30]
.text akyui6wl.SYS F63E83C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS Systém nemůže nalézt uvedený soubor. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 843785E0
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7400DDC] spwl.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7400E30] spwl.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73D6042] spwl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73D613E] spwl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73D60C0] spwl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73D6800] spwl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73D66D6] spwl.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83FE22D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73E5B90] spwl.sys
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeSetTimer] [F6317300] \SystemRoot\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\akyui6wl.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 843E11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{279134BF-046F-4237-AFB2-CB9B13759E00} 84128500
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 841771F8
Device \Driver\usbuhci \Device\USBPDO-1 841771F8
Device \Driver\usbuhci \Device\USBPDO-2 841771F8
Device \Driver\usbehci \Device\USBPDO-3 83FD31F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\PCI_PNP9848 \Device\00000049 spwl.sys
Device \Driver\PCI_PNP9848 \Device\00000049 spwl.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{72B9D9DC-49D8-4C19-8AA0-88BC0612E808} 84128500
Device \Driver\USBSTOR \Device\00000070 840FF500
Device \Driver\Ftdisk \Device\HarddiskVolume1 843761F8
Device \Driver\Cdrom \Device\CdRom0 83FB91F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 843761F8
Device \Driver\Cdrom \Device\CdRom1 83FB91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F734FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F734FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F734FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F734FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 83FB91F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 84128500
Device \Driver\NetBT \Device\NetbiosSmb 84128500
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\sptd \Device\4240934848 spwl.sys
Device \Driver\usbuhci \Device\USBFDO-0 841771F8
Device \Driver\usbuhci \Device\USBFDO-1 841771F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83F7B500
Device \Driver\usbuhci \Device\USBFDO-2 841771F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 83F7B500
Device \Driver\USBSTOR \Device\0000006f 840FF500
Device \Driver\usbehci \Device\USBFDO-3 83FD31F8
Device \Driver\Ftdisk \Device\FtControl 843761F8
Device \Driver\akyui6wl \Device\Scsi\akyui6wl1Port2Path0Target0Lun0 8404A1F8
Device \Driver\akyui6wl \Device\Scsi\akyui6wl1 8404A1F8
Device \Driver\akyui6wl \Device\Scsi\akyui6wl1Port2Path0Target1Lun0 8404A1F8
Device \FileSystem\Cdfs \Cdfs 83F47500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x86 0x92 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB2 0x12 0x99 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA1 0x3C 0x09 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA1 0x3C 0x09 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x86 0x92 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB2 0x12 0x99 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA1 0x3C 0x09 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA1 0x3C 0x09 0x7D ...
---- EOF - GMER 1.0.15 ----
Icesword
Process:
System Idle Process
System
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\smss.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTTrayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Kultura\IceSword122en\IceSword122en\IceSword.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\alg.exe
Kernel Module:
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spij.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
viaidexp.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
videX32.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
uagp35.sys
viaagp1.sys
RecAgent.sys
Mup.sys
avgrkx86.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\vtmini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\ar5211.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\STDSB.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\SLDRV\slntamr.sys
\SystemRoot\system32\DRIVERS\SLDRV\SlWdmSup.sys
\SystemRoot\system32\DRIVERS\SLDRV\Mtlmnt5.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\fetnd5bv.sys
\SystemRoot\System32\Drivers\au42ugph.SYS
\SystemRoot\system32\DRIVERS\avgfwdx.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\avgmfx86.sys
\SystemRoot\System32\Drivers\avgldx86.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
Dekuji predem za pomoc.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
AVG mi nachazi rootkit, kdyz ho odstranim, objevi se znovu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Nightingale
- Návštěvník
- Příspěvky: 3
- Registrován: 21 kvě 2008 13:45
-
Nightingale
- Návštěvník
- Příspěvky: 3
- Registrován: 21 kvě 2008 13:45
Re: AVG mi nachazi rootkit, kdyz ho odstranim, objevi se znovu
Defogger
defogger_disable by jpshortstuff (29.01.10.1)
Log created at 15:23 on 09/02/2010 (Martin Leták)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
Gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-09 16:39:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\pgldqpoc.sys
---- Kernel code sections - GMER 1.0.15 ----
? RecAgent.sys Systém nemůže nalézt uvedený soubor. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x86 0x92 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x86 0x92 0x24 ...
---- EOF - GMER 1.0.15 ----
AVG tentokrat nic nenaslo.
defogger_disable by jpshortstuff (29.01.10.1)
Log created at 15:23 on 09/02/2010 (Martin Leták)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
Gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-09 16:39:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\pgldqpoc.sys
---- Kernel code sections - GMER 1.0.15 ----
? RecAgent.sys Systém nemůže nalézt uvedený soubor. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x86 0x92 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x86 0x92 0x24 ...
---- EOF - GMER 1.0.15 ----
AVG tentokrat nic nenaslo.
-
Nightingale
- Návštěvník
- Příspěvky: 3
- Registrován: 21 kvě 2008 13:45
Re: AVG mi nachazi rootkit, kdyz ho odstranim, objevi se znovu
No vida, to by me nenapadlo. Tak dekuju mockrat.
Přispějete na provoz fóra?