GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-11 10:02:19 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541040G9AT00 rev.MB2IA60A Running: xh2tdx5m.exe; Driver: C:\DOCUME~1\jj\USTAWI~1\Temp\kftdakoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF262D536] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF26D67BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF262DF52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF266DC31] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF2638D7A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF2638DC6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF2638F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF266D5E5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF2638CE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF2638E0A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF2638D30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF262E146] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF2638F02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF262E8CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF262D584] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF266E2F7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF266E5AD] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF2631F36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF266E162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF266DFCD] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF26D689E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF262D1EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF262D5D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF26322A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF262F292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF2638DA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF2638DE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF2638F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF266D941] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF2638D0E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF2631AAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF2638E8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF2638D58] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF2631CDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF2638F26] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF26D6A1E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF266DE48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF262F15E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF266DC9A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF262ED08] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF26E2338] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF266CC58] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF262D620] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF262D66E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF262E74A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF262D276] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF262D426] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF266E3FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF262D3CC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF262EA2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF262EB88] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF262D496] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xF262E468] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF262E5CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF262D6BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF262DF96] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2428 80501C38 4 Bytes [E8, 8C, 63, F2] .text ntkrnlpa.exe!ZwCallbackReturn + 2460 80501C70 4 Bytes [CA, E8, 62, F2] .text ntkrnlpa.exe!ZwCallbackReturn + 26C8 80501ED8 12 Bytes [20, D6, 62, F2, 6E, D6, 62, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2770 80501F80 12 Bytes JMP EB88F262 PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8D6 4 Bytes CALL F262F943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[920] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ibmpmsvc.exe[1156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ibmpmsvc.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\sm56hlpr.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\sm56hlpr.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[1348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Google\Update\GoogleUpdate.exe[1360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Update\GoogleUpdate.exe[1360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\TpShocks.exe[1408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\TpShocks.exe[1408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[1468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[1556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[1556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 006F1014 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 006F0804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 006F0A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 006F0C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 006F0E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006F01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006F03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 006F0600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00700804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00700A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00700600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007001F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1716] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007003FC .text C:\WINDOWS\system32\ctfmon.exe[1772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1968] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\jj\Pulpit\Ukash\xh2tdx5m.exe[2044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\jj\Pulpit\Ukash\xh2tdx5m.exe[2044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[2692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[2692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\TPHDEXLG.exe[2852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\TPHDEXLG.exe[2852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[3296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[3296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[1652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) ---- EOF - GMER 1.0.15 ----