GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-02 11:46:40 Windows 5.1.2600 Dodatek Service Pack 2 Running: k2j9cmvs.exe; Driver: C:\DOCUME~1\beny\USTAWI~1\Temp\kxdcrfow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAAE39CD2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAAE39B8E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAAE3A142] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAAE3A06C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAAE39764] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAAE39C68] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAAE396A4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAAE39708] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAAE39D88] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAAE3A210] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAAE39D48] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAAE39EC8] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAAE46B9C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAAE469C0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAAE46AFA] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntkrnlpa.exe!ZwLoadDriver 80578664 7 Bytes JMP AAE46AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!NtCreateSection 8059F568 7 Bytes JMP AAE469C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B0A74 5 Bytes JMP AAE425B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ObInsertObject 805B7762 5 Bytes JMP AAE43F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C5F66 7 Bytes JMP AAE46BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[616] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3472] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002 IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) ---- EOF - GMER 1.0.15 ----