GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-18 18:24:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD3200AAJS-00L7A0 rev.01.03E01 298,09GB Running: dn4bs6q4.exe; Driver: C:\Users\Bocian\AppData\Local\Temp\uxddipod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075f58781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c51401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c51419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c51431 2 bytes JMP 75ff8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c5144a 2 bytes CALL 75f5489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c514dd 2 bytes JMP 75ff8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c514f5 2 bytes JMP 75ff89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c5150d 2 bytes JMP 75ff8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c51525 2 bytes JMP 75ff8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c5153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c51555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c5156d 2 bytes JMP 75ff8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c51585 2 bytes JMP 75ff8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c5159d 2 bytes JMP 75ff86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c515b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c515cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c516b2 2 bytes JMP 75ff8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c516bd 2 bytes JMP 75ff8671 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [316:2776] 000007fef9120ea8 Thread C:\Windows\system32\svchost.exe [316:2780] 000007fef9119db0 Thread C:\Windows\system32\svchost.exe [316:2792] 000007fef911aa10 Thread C:\Windows\system32\svchost.exe [316:2800] 000007fef9121c94 Thread C:\Windows\system32\svchost.exe [316:3616] 000007fef337d3c8 Thread C:\Windows\system32\svchost.exe [316:3620] 000007fef337d3c8 Thread C:\Windows\system32\svchost.exe [316:3624] 000007fef337d3c8 Thread C:\Windows\system32\svchost.exe [316:3628] 000007fef337d3c8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3604:4736] 000007fefbaa2bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3604:4744] 000007feea6f5648 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3604:4748] 000007feea6f5648 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt 4 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Network Action Predictor 5120 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\data_3 4202496 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_000001 31362 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_000002 68994 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_000003 24524 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_000004 23836 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_000005 21288 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_000006 21728 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_000007 23040 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_000008 23676 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_000009 19380 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_00000a 40641 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_00000b 21521 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_00000c 50732 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_00000d 27252 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\f_00000e 22632 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cookies 9216 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Cookies-journal 4640 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Current Session 6614 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Current Tabs 4281 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Extension State 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Extension State\000003.log 570 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Extension State\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Extension State\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Extension State\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Extension State\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Favicons-journal 14904 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\History 94208 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\History Provider Cache 895 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\History-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Local Extension Settings 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Local Storage 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Login Data 12288 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Login Data-journal 512 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Media Cache 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Media Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Media Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Media Cache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Media Cache\data_3 4202496 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Media Cache\f_000001 1048576 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Media Cache\f_000002 998647 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Media Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Preferences 3148 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Secure Preferences 18853 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Session Storage 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Session Storage\000003.log 531 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Session Storage\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Session Storage\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Session Storage\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Session Storage\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\TransportSecurity 323 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Web Data 71680 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Local State 5833 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\pnacl 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Safe Browsing Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\sfzone_profile\Safe Browsing Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\Users\Bocian 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\Users\Bocian\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\Users\Bocian\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\Users\Bocian\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\Windows\Prefetch 0 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\C\Windows\Prefetch\SAFEZONEBROWSER.EXE-497BCF76.pf 34512 bytes File C:\avast! sandbox\S-1-5-21-1206688101-3488512440-2860138731-1001\sfzone\snx_fs.dat 11716 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 25600 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{44ea56c6-d407-11e4-9798-6c626d72e1ea}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{44ea56c6-d407-11e4-9798-6c626d72e1ea}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{44ea56c6-d407-11e4-9798-6c626d72e1ea}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 2.1 ----