GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-19 13:55:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST2000DM001-1CH164 rev.CC43 1863,02GB
Running: i3dxstcx.exe; Driver: C:\Users\pc\AppData\Local\Temp\uglcraoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\System32\svchost.exe[820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62]
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1812] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62]
.text C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe[2476] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62]
.text C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe[2544] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62]
.text C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe[2544] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076b01465 2 bytes [B0, 76]
.text C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe[2544] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076b014bb 2 bytes [B0, 76]
.text ... * 2
.text C:\Windows\system32\taskhost.exe[3828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62]
.text C:\Windows\Explorer.EXE[3916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4508] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62]
.text C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[2456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2064] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000772b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62]
.text C:\Windows\System32\svchost.exe[5816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62]
.text C:\Program Files (x86)\Mega Browse\bin\MegaBrowse.BrowserAdapter.exe[7220] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62]
.text C:\Program Files (x86)\Mega Browse\bin\MegaBrowse.BrowserAdapter.exe[7220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b01465 2 bytes [B0, 76]
.text C:\Program Files (x86)\Mega Browse\bin\MegaBrowse.BrowserAdapter.exe[7220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b014bb 2 bytes [B0, 76]
.text ... * 2
.text C:\Program Files (x86)\Mega Browse\bin\MegaBrowse.BrowserAdapter64.exe[7252] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62]
.text C:\Users\pc\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe[6396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62]
.text C:\Users\pc\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b01465 2 bytes [B0, 76]
.text C:\Users\pc\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b014bb 2 bytes [B0, 76]
.text ... * 2
.text C:\Users\pc\Desktop\do naprawy systemu\GMER\i3dxstcx.exe[3296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [820:2288] 000007fef78120c0
Thread C:\Windows\System32\svchost.exe [820:2304] 000007fef78126a8
Thread C:\Windows\System32\svchost.exe [820:2468] 000007fef77d14a0
Thread C:\Windows\System32\svchost.exe [820:3128] 000007fef6c7a2b0
Thread C:\Windows\System32\svchost.exe [820:4904] 000007feeb683efc
Thread C:\Windows\System32\svchost.exe [820:5584] 000007feeb6c8a4c
Thread C:\Windows\System32\svchost.exe [820:1236] 000007fef86d88f8
Thread C:\Windows\System32\svchost.exe [820:248] 000007fef78129dc
Thread C:\Windows\system32\svchost.exe [1032:7648] 000007fefab61ab0
Thread C:\Windows\system32\svchost.exe [1032:7656] 000007fefb384164
Thread C:\Windows\System32\spoolsv.exe [1584:2068] 000007fef8f210c8
Thread C:\Windows\System32\spoolsv.exe [1584:2072] 000007fef8ee6144
Thread C:\Windows\System32\spoolsv.exe [1584:2076] 000007fef8cd5fd0
Thread C:\Windows\System32\spoolsv.exe [1584:2080] 000007fef8cc3438
Thread C:\Windows\System32\spoolsv.exe [1584:2084] 000007fef8cd63ec
Thread C:\Windows\System32\spoolsv.exe [1584:2092] 000007fef8fc5e5c
Thread C:\Windows\System32\spoolsv.exe [1584:2096] 000007fef8ff5074
Thread C:\Windows\system32\svchost.exe [2420:1996] 000007fef84544e0
Thread C:\Windows\System32\WUDFHost.exe [3140:3188] 000007fef6bf24a0
Thread C:\Windows\Explorer.EXE [3916:4752] 000007fefbf16204
Thread C:\Windows\Explorer.EXE [3916:2248] 000007fef0d52118
Thread C:\Windows\Explorer.EXE [3916:5072] 000007fef0a22154
Thread C:\Windows\Explorer.EXE [3916:464] 000007feecf52f9c
Thread C:\Windows\Explorer.EXE [3916:4332] 000007fef8711010
Thread C:\Windows\sysWOW64\wbem\wmiprvse.exe [3224:2856] 0000000069ff1070

---- Processes - GMER 2.1 ----

Library C:\Users\pc\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\sqlite.dll (*** suspicious ***) @ C:\Users\pc\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe [6396](2014-09-19 10:24:56) 0000000060900000

---- Files - GMER 2.1 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822} 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044 0 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\file-16px.png 495 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\folder-16px.png 547 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\leftImage.png 81662 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\logoImage.png 11698 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\msgbox-error.png 1553 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\msgbox-info.png 2669 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\msgbox-question.png 2662 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\msgbox-warning.png 1807 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\open_project-16px.png 639 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\slideShow0.png 209167 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\slideShow1.png 183880 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\slideShow2.png 214843 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\slideShow3.png 198235 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\splashImage.png 209167 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\updir.png 1133 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\wmImage.png 11698 bytes
File C:\avast! sandbox\S-1-5-21-1814759783-3317407556-1525104232-1000\r266\_uninstall13336_{ed2a86ef-6f1d-11e3-8002-82e4cc683822}\C\Users\pc\AppData\Local\Temp\.bitrock\.tmp_9772_5528044\x01image_small.png 8476 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 5120 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{296dd2e6-3f9d-11e4-8f3c-87dedd62983d}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{296dd2e6-3f9d-11e4-8f3c-87dedd62983d}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{296dd2e6-3f9d-11e4-8f3c-87dedd62983d}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 2.1 ----