GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-17 00:42:50
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDT722525DLA380 rev.V44OA9BA 232.89GB
Running: nsbvtx9u.exe; Driver: C:\DOCUME~1\Tadeusz\USTAWI~1\Temp\kwniypow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF436F610]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF43700E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF43B3B36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF437BF18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF437BF64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF437C0FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF43B34EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF437BE86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF437BFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF437BECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF43705E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF437C0B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF4370E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF436F676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF43B41FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF43B44B2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF4374596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF43B4067]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF43B3ED2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF436F25E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF436F6DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF437498C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF437192C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF437BF42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF437BF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF437C122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF43B3846]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF437BEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF4373E78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF437C036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF437BEF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF437426E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF437C0DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF43B3D4D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF43717F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF43B3B9F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF437134E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF4430744]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF43B2B30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF436F742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF436F7A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF4370D16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF436F2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF436F4CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF43B4303]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF436F45C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF4371066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF43711C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF436F556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xF4370B54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF4370CF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF436F80E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF4370142]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF443CE00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C3C 80503A10 4 Bytes JMP D8F43B34
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80503CB8 12 Bytes [42, F7, 36, F4, A8, F7, 36, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F8C 80503D60 12 Bytes [66, 10, 37, F4, C8, 11, 37, ...] {ADC [EDI], DH; HLT ; ENTER 0x3711, 0xf4; PUSH ESI; CMC ; HLT }
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4F7E 4 Bytes CALL F4371FD9 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAF9A 5 Bytes JMP F4439C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C18D0 5 Bytes JMP F443B7B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA2E 7 Bytes JMP F443CE04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6AB2360, 0x24BB1D, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xF6847A80]
.text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP F4376284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80CAA1 5 Bytes JMP F4376162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP F4376116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0 BF81C962 5 Bytes JMP F43756EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP F4374D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP F43763FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP F437600A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP F4376614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP F4374DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP F4374BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + B5F2 BF8670A0 5 Bytes JMP F43756CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP F437522C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 5 Bytes JMP F4375508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP F43761B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF894195 5 Bytes JMP F43752F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP F43754C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8B1EF6 5 Bytes JMP F43757E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP F437633C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 33F7 BF8BA1A0 5 Bytes JMP F43757C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP F4374AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP F437656C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP F4374F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP F4375008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP F4375150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + B223 BF8F5689 5 Bytes JMP F437570A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP F43749C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP F4374CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1C6D BF9134F1 5 Bytes JMP F437588C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP F4374EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP F4375628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP F43764BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[232] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[280] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[280] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[312] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[316] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Vidalia Bundle\Tor\tor.exe[360] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Vidalia Bundle\Tor\tor.exe[360] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\nvsvc32.exe[376] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\nvsvc32.exe[376] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\vVX1000.exe[468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\vVX1000.exe[468] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\etMon.exe[496] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\etMon.exe[496] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[508] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[776] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[824] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[828] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[1336] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1760] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2204] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2204] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Documents and Settings\Tadeusz\Pulpit\nsbvtx9u.exe[2236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Documents and Settings\Tadeusz\Pulpit\nsbvtx9u.exe[2236] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2364] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2364] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\SAGEM WiFi manager\WLANUTL.exe[2512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\SAGEM WiFi manager\WLANUTL.exe[2512] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2936] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3408] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3408] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0171EEB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!lstrlenW + 43 7C809A5C 7 Bytes JMP 01D2979B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!MapViewOfFileEx + 6A 7C80B910 7 Bytes JMP 01D29778 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!ValidateLocale + AFA8 7C8447E8 7 Bytes JMP 01724CE9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] GDI32.dll!SetDIBitsToDevice + 20D 77F19A9C 7 Bytes JMP 01D296F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3876] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3876] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3876] USER32.dll!SetPropW + 11B 77D3DECE 7 Bytes JMP 1099D8D4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3876] USER32.dll!SetWindowLongA + 19 77D3DEEC 7 Bytes JMP 1099D863 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3876] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 107F2A67 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3876] USER32.dll!GetMenuContextHelpId + 1A 77D84F11 7 Bytes JMP 107F306A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Common Files\Teleca Shared\Generic.exe[3940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\Teleca Shared\Generic.exe[3940] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[896] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[896] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 2.1 ----

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.url@ {FBF23B40-E3F0-101B-8488-00AA003E56F8}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.url@DisableProcessIsolation 1

---- EOF - GMER 2.1 ----