GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-04 18:36:26 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541610J9SA00 rev.SBCOC70P 93,16GB Running: xfl521zp.exe; Driver: C:\DOCUME~1\Dawid\USTAWI~1\Temp\kfrcqpoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA7245A9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA724657A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xA728A85D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xA72525C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA7252610] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA72527AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xA728A211] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xA7252532] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xA7252654] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA725257A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xA7246AB0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xA7252764] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA7247368] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA7245B02] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xA728AF23] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA728B1D9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA724AB3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA728AD8E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA728ABF9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xA72456EE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA797667A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA7245B68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA724AF32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA7247E50] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xA72525EE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA7252632] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA72527CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xA728A56D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xA7252558] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xA724A436] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xA72526E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA72525A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xA724A81E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xA7252788] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA797641E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xA728AA74] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xA7247CC4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA728A8C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA724781A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xA79843D8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xA7289857] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA7245BCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA7245C34] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xA72471E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA7245788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA724595A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xA728B02A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA72458E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA7247532] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xA7247694] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA72459E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA7247020] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xA72471C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xA7245C9A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA72465D6] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!_abnormal_termination + 398 804E296C 12 Bytes [CE, 5B, 24, A7, 34, 5C, 24, ...] {INTO ; POP EBX; AND AL, 0xa7; XOR AL, 0x5c; AND AL, 0xa7; LOOP 0x7b; AND AL, 0xa7} .text ntoskrnl.exe!_abnormal_termination + 430 804E2A04 4 Bytes CALL E9F54E61 .text ntoskrnl.exe!_abnormal_termination + 440 804E2A14 12 Bytes [32, 75, 24, A7, 94, 76, 24, ...] {XOR DH, [EBP+0x24]; CMPSD ; XCHG ESP, EAX; JBE 0x2b; CMPSD ; LOOP 0x63; AND AL, 0xa7} PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BC20 4 Bytes CALL A72484FD \SystemRoot\system32\drivers\aswSnx.sys init C:\WINDOWS\System32\Drivers\ItSDisk.sys entry point in "init" section [0xF7A9A360] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[312] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[312] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\afwServ.exe[312] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[336] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[336] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[368] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\taskmgr.exe[528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\taskmgr.exe[528] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[588] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[656] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\DllHost.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\DllHost.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[944] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[988] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1024] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[1244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[1292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[1292] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1368] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Wireless Console 2\wcourier.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Wireless Console 2\wcourier.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2052] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2168] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\UMonit.exe[2220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\UMonit.exe[2220] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2308] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Dawid\Pulpit\Nowy folder\xfl521zp.exe[2484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Dawid\Pulpit\Nowy folder\xfl521zp.exe[2484] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[2584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[2584] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[2632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[2632] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[2684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[2684] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2744] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2744] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2816] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2968] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[3060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[3060] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3272] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\SetPoint\SetPoint.exe[3352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\SetPoint\SetPoint.exe[3352] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3488] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE[3524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE[3524] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\RunDll32.exe[3932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RunDll32.exe[3932] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[1600] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[1600] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----