GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-04-16 10:57:56 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB Running: m57g1hli.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdipow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB15C8A9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB15C957A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xB160D85D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xB15D55C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB15D5610] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB15D57AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xB160D211] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xB15D5532] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xB15D5654] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB15D557A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xB15C9AB0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xB15D5764] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB15CA368] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB15C8B02] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xB160DF23] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB160E1D9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB15CDB3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB160DD8E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB160DBF9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xB15C86EE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB18167A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB15C8B68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB15CDF32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB15CAE50] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xB15D55EE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB15D5632] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB15D57CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xB160D56D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xB15D5558] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xB15CD436] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xB15D56E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB15D55A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xB15CD81E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xB15D5788] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB1816546] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xB160DA74] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xB15CACC4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB160D8C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB15CA81A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xB18244F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xB160C857] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB15C8BCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB15C8C34] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xB15CA1E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB15C8788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB15C895A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xB160E02A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB15C88E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB15CA532] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xB15CA694] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB15C89E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB15CA020] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xB15CA1C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xB15C8C9A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB15C95D6] INT 0x82 ? 8AFA4BF8 INT 0x83 ? 8AFA4BF8 INT 0x83 ? 8AFA4BF8 INT 0x83 ? 8AC6BBF8 INT 0x83 ? 8AFA4BF8 INT 0xA4 ? 8AC6BBF8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2470 80501CCC 2 Bytes [7A, 95] {JP 0xffffff97} .text ntkrnlpa.exe!ZwCallbackReturn + 24F8 80501D54 2 Bytes [B0, 9A] {MOV AL, 0x9a} .text ntkrnlpa.exe!ZwCallbackReturn + 24FB 80501D57 5 Bytes [B1, 64, 57, 5D, B1] .text ntkrnlpa.exe!ZwCallbackReturn + 260C 80501E68 2 Bytes [36, D4] .text ntkrnlpa.exe!ZwCallbackReturn + 2624 80501E80 2 Bytes [1E, D8] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059BA02 4 Bytes CALL B15CB4FD \SystemRoot\system32\drivers\aswSnx.sys ? splj.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB89F1360, 0x2217AD, 0xE8000020] .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xAEF22400, 0x87EE2, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAEFC6620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAEFC6620] .protect˙˙˙˙hardlockunknown last code section [0xAEFC6400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xAEFC6400, 0x5126, 0xE0000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\svchost.exe[180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[180] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[220] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[240] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\ElsaWin\bin\LcSvrAdm.exe[276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\ElsaWin\bin\LcSvrAdm.exe[276] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\crypserv.exe[420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\crypserv.exe[420] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Sony\PlayMemories Home\dfs.exe[532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Sony\PlayMemories Home\dfs.exe[532] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\ElsaWin\bin\LcSvrDba.exe[552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\ElsaWin\bin\LcSvrDba.exe[552] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\ElsaWin\bin\LcSvrHis.exe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\ElsaWin\bin\LcSvrHis.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\ElsaWin\bin\LcSvrPas.exe[668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\ElsaWin\bin\LcSvrPas.exe[668] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\ElsaWin\bin\LcSvrSaz.exe[892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\ElsaWin\bin\LcSvrSaz.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[900] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\Administrator\Pulpit\scan\gm\m57g1hli.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Administrator\Pulpit\scan\gm\m57g1hli.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\PDF Architect\HelperService.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PDF Architect\HelperService.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\PDF Architect\ConversionService.exe[1556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PDF Architect\ConversionService.exe[1556] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1628] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1676] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ACEngSvr.exe[1764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ACEngSvr.exe[1764] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\HPSIsvc.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\HPSIsvc.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1892] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\acs.exe[1948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\acs.exe[1948] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[1996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[1996] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2168] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2252] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2384] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2484] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[2692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[2692] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe[2700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe[2700] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2784] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2800] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ASUS\Splendid\ACMON.exe[2828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ASUS\Splendid\ACMON.exe[2828] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[2844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[2844] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2932] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Atheros\ACU.exe[2948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Atheros\ACU.exe[2948] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2964] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2984] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3544] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3544] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\ElsaWin\bin\LcSvrAuf.exe[3656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\ElsaWin\bin\LcSvrAuf.exe[3656] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[3704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[3704] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3776] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[4084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[4084] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[980] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[980] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys splj.sys >>UNKNOWN [0x8af58938]<< 8af58938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aecaab8] 8aecaab8 Trace 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000086[0x8af9af18] 8af9af18 Trace 5 ACPI.sys[b9e65620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ae85940] 8ae85940 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x6E 0x00 0x44 ... Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{4714AF41-F5B2-11d3-919D-00D0B71030AD}@IndexT -1293313969 ---- EOF - GMER 2.1 ----