GMER 2.1.19355 - http://www.gmer.net Rootkit scan 2014-01-25 22:30:53 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 ST3500320AS rev.SD15 465,76GB Running: gmer.exe; Driver: C:\DOCUME~1\Jaca\USTAWI~1\Temp\uwddifoc.sys ---- System - GMER 2.1 ---- SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAC381B10] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAC3825EE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xAC3C643E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xAC38E5E0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAC38E62C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAC38E7C6] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xAC3C5DF2] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xAC38E54E] SSDT vax347b.sys ZwCreatePagingFile [0xB9F81C70] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xAC38E670] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAC38E596] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xAC382B24] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xAC38E780] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAC3833DC] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAC381B76] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xAC3C6B04] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAC3C6DBA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAC386B58] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAC3C696F] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAC3C67DA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xAC38175E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAC381BDC] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAC386F4E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAC383E6C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xAC38E60A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAC38E64E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAC38E7EA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xAC3C614E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xAC38E574] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xAC386452] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xAC38E6FE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAC38E5BE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xAC38683A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xAC38E7A4] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xAC4530CC] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xAC3C6655] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xAC383D38] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAC3C64A7] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAC38388E] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xAC460F22] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xAC3C5438] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAC381C42] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAC381CA8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xAC383256] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAC3817F8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAC3819CE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xAC3C6C0B] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAC38195C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAC3835A6] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xAC383708] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAC381A56] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAC383094] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xAC383236] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xAC381D0E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAC38264A] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D15 805045FD 7 Bytes [E5, 38, AC, 2C, E6, 38, AC] .text ntkrnlpa.exe!ZwCallbackReturn + 2E5C 80504744 4 Bytes [EA, E7, 38, AC] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [42, 1C, 38, AC, A8, 1C, 38, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [A6, 35, 38, AC, 08, 37, 38, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL AC384519 \??\C:\WINDOWS\system32\drivers\aswSnx.sys ? System nie może odnaleźć określonej ścieżki. ! .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8ECA000, 0x1E2E7A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\Explorer.EXE[256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[444] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[564] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[588] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[732] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[752] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\services.exe[844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1220] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1540] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[1600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[1600] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1668] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1844] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\Jaca\Pulpit\gmer.exe[1916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Jaca\Pulpit\gmer.exe[1916] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\HPZipm12.exe[2072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\HPZipm12.exe[2072] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[2084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[2084] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2140] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2276] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01D2B780 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 004503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] KERNEL32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 02566EFD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 02566EDA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] KERNEL32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01D30836 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 02566E5B C:\Program Files\Mozilla Firefox\xul.dll .text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3584] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3624] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3624] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1060F36E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3624] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 10608DFA C:\Program Files\Mozilla Firefox\xul.dll .text C:\WINDOWS\system32\wscntfy.exe[3832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3832] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8A6CA280 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys Device \Driver\Cdrom \Device\CdRom0 8A27FF00 Device \FileSystem\Rdbss \Device\FsWrap 89A848C0 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 8A6DBAE8 Device \Driver\atapi \Device\Ide\IdePort0 8A6DBAE8 Device \Driver\atapi \Device\Ide\IdePort1 8A6DBAE8 Device \Driver\atapi \Device\Ide\IdePort2 8A6DBAE8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 8A6DBAE8 Device \Driver\atapi \Device\Ide\IdePort3 8A6DBAE8 Device \Driver\atapi \Device\Ide\IdePort4 8A6DBAE8 Device \Driver\atapi \Device\Ide\IdePort5 8A6DBAE8 Device \FileSystem\Srv \Device\LanmanServer 8965C108 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899D6208 Device \FileSystem\MRxSmb \Device\LanmanRedirector 899D6208 Device \FileSystem\Npfs \Device\NamedPipe 89ED8A00 Device \FileSystem\Msfs \Device\Mailslot 89A781A0 Device \Driver\vax347s \Device\Scsi\vax347s1 8A294600 Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89A7EFB0 Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89A7EFB0 Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89A7EFB0 Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89A7EFB0 Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89A7EFB0 Device \FileSystem\Cdfs \Cdfs 8A2635B8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a6dbae8]<< 8a6dbae8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6b8ab8] 8a6b8ab8 Trace 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a749bb8] 8a749bb8 Trace 5 ACPI.sys[b9f57620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8a6b9d98] 8a6b9d98 Trace \Driver\atapi[0x8a6bea08] -> IRP_MJ_CREATE -> 0x8a6dbae8 8a6dbae8 ---- Modules - GMER 2.1 ---- Module _________ (FILE NOT FOUND) B9F09000-B9F21000 (98304 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40@ljej40 0xE8 0x18 0x2C 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40@ljej41 0x5D 0x18 0x2C 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40@ljej42 0x5D 0x18 0x2C 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40@ljej43 0x5D 0x18 0x2C 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40@ljej44 0x5D 0x18 0x2C 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41 Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41@ujdew 0x20 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41@ljej40 0xF3 0x18 0x2C 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41@ljej41 0x5D 0x18 0x2C 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41@ljej42 0x5D 0x18 0x2C 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41@ljej43 0x5D 0x18 0x2C 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41@ljej44 0x5D 0x18 0x2C 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42 Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42@ujdew 0x20 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42@ljej40 0x99 0x17 0x4F 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42@ljej41 0x28 0x17 0x4F 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42@ljej42 0x28 0x17 0x4F 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42@ljej43 0x28 0x17 0x4F 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42@ljej44 0x28 0x17 0x4F 0x96 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120% (Trial Version) Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120% (Trial Version) ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243 0 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129 0 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341} 0 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C 0 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C\WINDOWS 0 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C\WINDOWS\system32 0 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C\WINDOWS\system32\CatRoot2 0 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C\WINDOWS\system32\CatRoot2\edb.log 131072 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C\WINDOWS\system32\CatRoot2\edbtmp.log 131072 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C\WINDOWS\system32\CatRoot2\tmp.edb 1056768 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} 0 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 1056768 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} 0 bytes File C:\avast! sandbox\S-1-5-21-1935655697-308236825-839522115-1243\r129\gmer.exe_{a67e95c4-85f2-11e3-8199-002215a35341}\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 7348224 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG 1024 bytes ---- EOF - GMER 2.1 ----