GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-01 21:07:50
Windows 5.1.2600 Dodatek Service Pack 3
Running: oz8oqe4b.exe; Driver: C:\DOCUME~1\er!\USTAWI~1\Temp\kwaiifog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9E8D380, 0x346307, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[836] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 020C9DD2
.text C:\WINDOWS\System32\svchost.exe[836] NETAPI32.dll!NetpwPathCanonicalize 6FF4A3A9 5 Bytes JMP 020C9D72
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 00829DD2

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\pvenh@DisplayName Image Shell
Reg HKLM\SYSTEM\ControlSet003\Services\pvenh@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\pvenh@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\pvenh@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\pvenh@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\pvenh@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\pvenh@Description Utrzymuje aktualn? list? komputer?w w sieci i dostarcza j? do komputer?w wyznaczonych jako przegl?darki. Je?li ta us?uga zostanie zatrzymana, lista nie b?dzie aktualizowana ani zachowywana. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?.
Reg HKLM\SYSTEM\ControlSet003\Services\pvenh\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\pvenh\Parameters@ServiceDll C:\WINDOWS\system32\vnxtaihg.dll

---- EOF - GMER 1.0.15 ----