GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-09 22:25:24 Windows 5.1.2600 Dodatek Service Pack. 1 Running: z3wrz0st.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdapow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\NOTEPAD.EXE[244] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\NOTEPAD.EXE[244] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\system32\NOTEPAD.EXE[244] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\system32\NOTEPAD.EXE[244] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\system32\NOTEPAD.EXE[244] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\system32\NOTEPAD.EXE[244] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\system32\NOTEPAD.EXE[244] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\system32\NOTEPAD.EXE[244] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\WINDOWS\system32\winlogon.exe[380] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\winlogon.exe[380] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\system32\winlogon.exe[380] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\system32\winlogon.exe[380] WS2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\system32\winlogon.exe[380] WS2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\system32\winlogon.exe[380] WS2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\system32\winlogon.exe[380] WS2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\system32\winlogon.exe[380] WS2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\WINDOWS\system32\services.exe[428] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\services.exe[428] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\system32\services.exe[428] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\system32\services.exe[428] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\system32\services.exe[428] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\system32\services.exe[428] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\system32\services.exe[428] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\system32\services.exe[428] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\WINDOWS\system32\lsass.exe[440] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\lsass.exe[440] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\system32\lsass.exe[440] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\system32\lsass.exe[440] WS2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\system32\lsass.exe[440] WS2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\system32\lsass.exe[440] WS2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\system32\lsass.exe[440] WS2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\system32\lsass.exe[440] WS2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\WINDOWS\system32\svchost.exe[620] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\system32\svchost.exe[620] WS2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\system32\svchost.exe[620] WS2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\system32\svchost.exe[620] WS2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\system32\svchost.exe[620] WS2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\system32\svchost.exe[620] WS2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\WINDOWS\System32\svchost.exe[648] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\System32\svchost.exe[648] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\System32\svchost.exe[648] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\System32\svchost.exe[648] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\System32\svchost.exe[648] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\System32\svchost.exe[648] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\System32\svchost.exe[648] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\System32\svchost.exe[648] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\System32\svchost.exe[720] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\System32\svchost.exe[720] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\WINDOWS\system32\svchost.exe[748] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\system32\svchost.exe[748] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\system32\svchost.exe[748] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\system32\svchost.exe[748] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\system32\svchost.exe[748] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\system32\svchost.exe[748] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\WINDOWS\system32\spoolsv.exe[876] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\system32\spoolsv.exe[876] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\system32\spoolsv.exe[876] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\system32\spoolsv.exe[876] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\system32\spoolsv.exe[876] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\system32\spoolsv.exe[876] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\WINDOWS\Explorer.EXE[1092] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\Explorer.EXE[1092] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\Explorer.EXE[1092] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\Explorer.EXE[1092] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\Explorer.EXE[1092] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\Explorer.EXE[1092] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\Explorer.EXE[1092] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\Explorer.EXE[1092] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1272] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1272] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1272] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\System32\alg.exe[1348] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\WINDOWS\System32\alg.exe[1348] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\WINDOWS\System32\alg.exe[1348] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\WINDOWS\System32\alg.exe[1348] WS2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\WINDOWS\System32\alg.exe[1348] WS2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\WINDOWS\System32\alg.exe[1348] WS2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\WINDOWS\System32\alg.exe[1348] WS2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\WINDOWS\System32\alg.exe[1348] WS2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1368] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1368] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1368] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1368] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1368] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1368] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1368] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1368] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1436] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1436] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1436] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1436] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1436] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1436] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1436] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1436] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1472] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1472] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1472] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1472] WS2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1472] WS2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1472] WS2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1472] WS2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1472] WS2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\Program Files\Common Files\GoldenSoft\ChannelRg.exe[1504] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\Program Files\Common Files\GoldenSoft\ChannelRg.exe[1504] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\Program Files\Common Files\GoldenSoft\ChannelRg.exe[1504] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\Program Files\Common Files\GoldenSoft\ChannelRg.exe[1504] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\Program Files\Common Files\GoldenSoft\ChannelRg.exe[1504] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\Program Files\Common Files\GoldenSoft\ChannelRg.exe[1504] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\Program Files\Common Files\GoldenSoft\ChannelRg.exe[1504] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\Program Files\Common Files\GoldenSoft\ChannelRg.exe[1504] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1552] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1552] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1552] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1552] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1552] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1552] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1552] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1552] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\Program Files\Java\jre6\bin\jqs.exe[1612] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\Program Files\Java\jre6\bin\jqs.exe[1612] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\Program Files\Java\jre6\bin\jqs.exe[1612] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\Program Files\Java\jre6\bin\jqs.exe[1612] WS2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\Program Files\Java\jre6\bin\jqs.exe[1612] WS2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\Program Files\Java\jre6\bin\jqs.exe[1612] WS2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1612] WS2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\Program Files\Java\jre6\bin\jqs.exe[1612] WS2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\Program Files\Google\Update\GoogleUpdate.exe[1616] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\Program Files\Google\Update\GoogleUpdate.exe[1616] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\Program Files\Google\Update\GoogleUpdate.exe[1616] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\Program Files\Google\Update\GoogleUpdate.exe[1616] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\Program Files\Google\Update\GoogleUpdate.exe[1616] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\Program Files\Google\Update\GoogleUpdate.exe[1616] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\Program Files\Google\Update\GoogleUpdate.exe[1616] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\Program Files\Google\Update\GoogleUpdate.exe[1616] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\Program Files\totalcmd\TOTALCMD.EXE[1744] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\Program Files\totalcmd\TOTALCMD.EXE[1744] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\Program Files\totalcmd\TOTALCMD.EXE[1744] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\Program Files\totalcmd\TOTALCMD.EXE[1744] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\Program Files\totalcmd\TOTALCMD.EXE[1744] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\Program Files\totalcmd\TOTALCMD.EXE[1744] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\Program Files\totalcmd\TOTALCMD.EXE[1744] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\Program Files\totalcmd\TOTALCMD.EXE[1744] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1792] ntdll.dll!NtOpenKey 77F75E28 5 Bytes JMP 10003DEC .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1792] kernel32.dll!CreateProcessW 77E61B8E 5 Bytes JMP 10003C34 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1792] kernel32.dll!ExitProcess 77E798FD 5 Bytes JMP 10003E70 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1792] ws2_32.dll!WSARecv 71A519A0 5 Bytes JMP 100027F0 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1792] ws2_32.dll!send 71A51AF4 5 Bytes JMP 1000325C .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1792] ws2_32.dll!connect 71A53E5D 5 Bytes JMP 10003AE8 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1792] ws2_32.dll!recv 71A55690 5 Bytes JMP 10002784 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1792] ws2_32.dll!WSASend 71A55722 5 Bytes JMP 10003A94 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.) Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 YzIdiot.sys AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 ntoskrnl.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 YzIdiot.sys AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 ntoskrnl.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 YzIdiot.sys AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 ntoskrnl.exe (Jądro i system NT/Microsoft Corporation) Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.) ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 08: copy of MBR Disk \Device\Harddisk0\DR0 sector 11: copy of MBR Disk \Device\Harddisk0\DR0 sector 12: copy of MBR ---- EOF - GMER 1.0.15 ----