GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-17 12:02:50
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12 SAMSUNG_HD160JJ rev.ZM100-41 149,05GB
Running: m02cmnz4.exe; Driver: C:\DOCUME~1\MARCIN~1.DOM\USTAWI~1\Temp\fgxdiaod.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAddBootEntry [0xF1E60BA6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAssignProcessToJobObject [0xF1E61684]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwClose [0xF1EA5D80]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEvent [0xF1E6D6F8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEventPair [0xF1E6D744]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateIoCompletion [0xF1E6D8DE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateKey [0xF1EA5734]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateMutant [0xF1E6D666]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSection [0xF1E6D788]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSemaphore [0xF1E6D6AE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateThread [0xF1E61BBA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateTimer [0xF1E6D898]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDebugActiveProcess [0xF1E62472]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteBootEntry [0xF1E60C0C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteKey [0xF1EA6446]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteValueKey [0xF1EA66FC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDuplicateObject [0xF1E65C68]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateKey [0xF1EA62B1]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateValueKey [0xF1EA611C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwLoadDriver [0xF1E607F8]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwMapViewOfSection [0xF219EED0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwModifyBootEntry [0xF1E60C72]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeKey [0xF1E6605E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeMultipleKeys [0xF1E62F5A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEvent [0xF1E6D722]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEventPair [0xF1E6D766]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenIoCompletion [0xF1E6D902]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenKey [0xF1EA5A90]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenMutant [0xF1E6D68C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenProcess [0xF1E65560]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSection [0xF1E6D816]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSemaphore [0xF1E6D6D6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenThread [0xF1E6594C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenTimer [0xF1E6D8BC]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwProtectVirtualMemory [0xF219EC6E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryKey [0xF1EA5F97]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryObject [0xF1E62DCE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryValueKey [0xF1EA5DE9]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueueApcThread [0xF1E62924]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwRenameKey [0xF21ACE1A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwRestoreKey [0xF1EA4D77]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0xF1E60CD8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootOptions [0xF1E60D3E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetContextThread [0xF1E622EC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemInformation [0xF1E60892]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemPowerState [0xF1E60A64]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetValueKey [0xF1EA654D]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwShutdownSystem [0xF1E609F2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendProcess [0xF1E6263C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendThread [0xF1E6279E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSystemDebugControl [0xF1E60AEC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateProcess [0xF1E6212A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateThread [0xF1E622CC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwVdmControl [0xF1E60DA4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xF1E616E0]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2600  80501E5C 8 Bytes  JMP E6D68CF1
.text  ntkrnlpa.exe!ZwCallbackReturn + 26E8  80501F44 4 Bytes  [E9, 5D, EA, F1]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2770  80501FCC 12 Bytes  [D8, 0C, E6, F1, 3E, 0D, E6, ...] {FMUL DWORD [ESI]; INT1 ; OR EAX, 0x22ecf1e6; OUT 0xf1, AL}
.text  ntkrnlpa.exe!ZwCallbackReturn + 2818  80502074 12 Bytes  [3C, 26, E6, F1, 9E, 27, E6, ...] {CMP AL, 0x26; OUT 0xf1, AL; SAHF ; DAA ; OUT 0xf1, AL; IN AL, DX; OR AH, DH; INT1 }
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC  8059BA02 4 Bytes  CALL F1E6362B \SystemRoot\system32\drivers\aswSnx.sys
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xF7898380, 0x2FF527, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ControlCenter4\BrCtrlCntr.exe[176] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\ControlCenter4\BrCtrlCntr.exe[176] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\ctfmon.exe[188] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\ctfmon.exe[188] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[212] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[212] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Documents and Settings\Marcin.DOM-D69AD2F462C\Pulpit\m02cmnz4.exe[232] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Documents and Settings\Marcin.DOM-D69AD2F462C\Pulpit\m02cmnz4.exe[232] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\ControlCenter4\BrCcUxSys.exe[284] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\ControlCenter4\BrCcUxSys.exe[284] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Documents and Settings\All Users\Dane aplikacji\PLAY ONLINE\OnlineUpdate\ouc.exe[372] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Documents and Settings\All Users\Dane aplikacji\PLAY ONLINE\OnlineUpdate\ouc.exe[372] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\System32\smss.exe[424] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\csrss.exe[500] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\csrss.exe[500] KERNEL32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\services.exe[572] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\services.exe[572] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[584] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\wdfmgr.exe[768] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\wdfmgr.exe[768] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\System32\svchost.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1312] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1312] kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1312] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\Explorer.EXE[1372] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\Explorer.EXE[1372] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\spoolsv.exe[1516] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\spoolsv.exe[1516] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[1680] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[1680] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Java\jre7\bin\jqs.exe[1708] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Java\jre7\bin\jqs.exe[1708] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\nvsvc32.exe[1844] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\nvsvc32.exe[1844] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1876] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1876] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1876] USER32.dll!DefWindowProcA + 11A  7E37C298 7 Bytes  JMP 105244B6 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1876] USER32.dll!SetWindowLongA + 19  7E37C2B6 7 Bytes  JMP 10524527 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1876] USER32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 1052825D C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1876] USER32.dll!GetMenuContextHelpId + 1A  7E3B5319 7 Bytes  JMP 10521BFA C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1968] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Documents and Settings\Marcin.DOM-D69AD2F462C\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_21\upt4pc_pl_21.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Documents and Settings\Marcin.DOM-D69AD2F462C\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_21\upt4pc_pl_21.exe[2020] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\RUNDLL32.EXE[2032] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\RUNDLL32.EXE[2032] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2040] kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2040] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] ntdll.dll!NtCreateFile  7C90D0AE 5 Bytes  JMP 019D3D20 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] ntdll.dll!NtFlushBuffersFile  7C90D32E 5 Bytes  JMP 019BC661 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] ntdll.dll!NtQueryFullAttributesFile  7C90D7AE 5 Bytes  JMP 019D3820 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] ntdll.dll!NtReadFile  7C90D9CE 5 Bytes  JMP 019BC750 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] ntdll.dll!NtReadFileScatter  7C90D9DE 5 Bytes  JMP 0225E1FF C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 019D43D0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] ntdll.dll!NtWriteFileGather  7C90DF8E 5 Bytes  JMP 0225E1AE C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 00461F4C C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] ntdll.dll!LdrUnloadDll  7C9171CD 5 Bytes  JMP 004503FC
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] KERNEL32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 021FF582 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] KERNEL32.dll!MapViewOfFileEx + 6A  7C80B9A0 7 Bytes  JMP 021FF55F C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] KERNEL32.dll!ValidateLocale + B648  7C844EE0 7 Bytes  JMP 019D06F3 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] KERNEL32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] user32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 0210E5A9 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2044] GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 021FF4E0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\WINDOWS\system32\wbem\wmiapsrv.exe[2284] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\wmiapsrv.exe[2284] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\System32\alg.exe[2356] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\System32\alg.exe[2356] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[2688] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[2688] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[2828] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\unsecapp.exe[2916] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\unsecapp.exe[2916] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  003D0002
IAT  C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]  003D0000

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip  aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  aswTdi.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys

---- EOF - GMER 2.1 ----