GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-29 21:45:43 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD753LJ rev.1AA01113 Running: xmlc3le7.exe; Driver: C:\DOCUME~1\aversion\USTAWI~1\Temp\kwdiqfoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB41764BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB424BC22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB4176ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB41B8811] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB4181FA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB4181FF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB4182176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB41B81C5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB4181F16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB4182038] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB4181F5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB417711C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB4182130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB417793E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB4176508] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB41B8ED7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB41B918D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB417B1C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB41B8D42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB41B8BAD] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB424BCEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB4176170] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB4176556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB417B534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB41783A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB4181FD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB4182016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB418219A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB41B8521] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB4181F3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB417AC3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB41820BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB4181F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB417AF14] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB4182154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB424BE4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB41B8A28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB4178272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB41B887A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB4177DD4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB42587D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB41B7838] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB41765A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB41765F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB41777BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB41761FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB41763AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB41B8FDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB4176350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB4177AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB4177C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB417641A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB41774D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB4177636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xB424A41C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB4176640] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB4176F1A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB4264E56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D1C 805045B8 4 Bytes [EA, BC, 24, B4] .text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 805047B8 12 Bytes [A4, 65, 17, B4, F2, 65, 17, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [F8, 7A, 17, B4, 54, 7C, 17, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A649A 4 Bytes CALL B4178A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC52E 5 Bytes JMP B4261CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FB2 5 Bytes JMP B4263810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1164 7 Bytes JMP B4264E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6CE43A0, 0x5CC259, 0xE8000020] .text win32k.sys!EngFreeUserMem + 674 BF809911 5 Bytes JMP B417CB4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C86D 5 Bytes JMP B417CA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813900 5 Bytes JMP B417C9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0 BF81C743 5 Bytes JMP B417C0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 68B BF838F8B 5 Bytes JMP B417B7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLockSurface + 3463 BF83C8BA 5 Bytes JMP B417C090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 19A7 BF83F44A 5 Bytes JMP B417CCB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3449 BF840EEC 5 Bytes JMP B417CEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTextOut + 1DB5 BF85983F 5 Bytes JMP B417C8FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 35C1 BF85DB54 5 Bytes JMP B417CA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 789E BF869E44 5 Bytes JMP B417B688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 8193 BF872D37 5 Bytes JMP B417B834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 35A0 BF87844A 5 Bytes JMP B417BC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 362B BF8784D5 5 Bytes JMP B417BEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3F9B BF878E45 5 Bytes JMP B417C16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 405B BF878F05 5 Bytes JMP B417B670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35FB BF895DDE 5 Bytes JMP B417BCDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 411E BF896901 2 Bytes JMP B417BE9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4121 BF896904 2 Bytes [8E, F4] .text win32k.sys!EngGetLastError + 1606 BF8B3B70 5 Bytes JMP B417C182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 3AA1 BF8B84CE 5 Bytes JMP B417CBFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 461F BF8BD042 3 Bytes JMP B417CE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 4623 BF8BD046 1 Byte [F4] .text win32k.sys!EngAlphaBlend + 2998 BF8C3163 5 Bytes JMP B417B944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8EB760 5 Bytes JMP B417BA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8EB9E0 5 Bytes JMP B417BB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + B223 BF8F546C 5 Bytes JMP B417C0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F97F8 5 Bytes JMP B417B56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19C1 BF9133D3 5 Bytes JMP B417B760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2595 BF913FA7 5 Bytes JMP B417B8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4EF4 BF916906 5 Bytes JMP B417BFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1948 BF9449E4 5 Bytes JMP B417CD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[188] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[232] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[232] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[300] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[764] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[828] KERNEL32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1076] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\PLAY ONLINE\OnlineUpdate\ouc.exe[1180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\PLAY ONLINE\OnlineUpdate\ouc.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[1324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1708] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1780] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1780] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[1796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[1796] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Program Files\Trojan Remover\Trjscan.exe[1820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Program Files\Trojan Remover\Trjscan.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Program Files\Gadu-Gadu\gg.exe[1860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Program Files\Gadu-Gadu\gg.exe[1860] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1892] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2076] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62] .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003D03FC .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] KERNEL32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62] .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\aversion\Pulpit\xmlc3le7.exe[2524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[896] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[896] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[1832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) ---- EOF - GMER 1.0.15 ----