GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-02 20:23:17 Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541080G9AT00 rev.MB4OA60A 74,53GB Running: t8ys0j9o.exe; Driver: C:\DOCUME~1\figaro\USTAWI~1\Temp\kwrcrfog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xF33CBBA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xF33CC684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xF3410D80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xF33D86F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xF33D8744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xF33D88DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xF3410734] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xF33D8666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xF33D8788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xF33D86AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xF33CCBBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xF33D8898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xF33CD472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xF33CBC0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xF3411446] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xF34116FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xF33D0C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xF34112B1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xF341111C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xF33CB7F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xF4205ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xF33CBC72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xF33D105E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xF33CDF5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xF33D8722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xF33D8766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xF33D8902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xF3410A90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xF33D868C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xF33D0560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xF33D8816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xF33D86D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xF33D094C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xF33D88BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xF4205C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xF3410F97] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xF33CDDCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xF3410DE9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xF33CD924] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xF4213E1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xF340FD77] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xF33CBCD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xF33CBD3E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xF33CD2EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xF33CB892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xF33CBA64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xF341154D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xF33CB9F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xF33CD63C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xF33CD79E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xF33CBAEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xF33CD12A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xF33CD2CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xF33CBDA4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xF33CC6E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D81 80503A65 7 Bytes [88, 3D, F3, D6, 86, 3D, F3] .text ntkrnlpa.exe!ZwCallbackReturn + 2E50 80503B34 4 Bytes [E9, 0D, 41, F3] .text ntkrnlpa.exe!ZwCallbackReturn + 2ED8 80503BBC 12 Bytes [D8, BC, 3C, F3, 3E, BD, 3C, ...] {FDIVR DWORD [ESP+EDI+0x3cbd3ef3]; IN AL, DX; SAR [EBX+ESI*8], CL} .text ntkrnlpa.exe!ZwCallbackReturn + 2F80 80503C64 12 Bytes [3C, D6, 3C, F3, 9E, D7, 3C, ...] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF69E4360, 0x213A6D, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[252] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[336] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[336] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\IePluginServices\PluginService.exe[352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\IePluginServices\PluginService.exe[352] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[452] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[540] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[540] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[648] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[704] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[704] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[740] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[740] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1016] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1016] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1104] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1168] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1168] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1196] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1240] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1252] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\NetCrawl\updateNetCrawl.exe[1304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\NetCrawl\updateNetCrawl.exe[1304] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[1364] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[1364] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1568] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1568] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1600] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1600] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\NetCrawl\updater.exe[1900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\NetCrawl\updater.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\NetCrawl\bin\utilNetCrawl.exe[1952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\NetCrawl\bin\utilNetCrawl.exe[1952] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2016] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2016] kernel32.dll!SetUnhandledExceptionFilter 7C810386 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2016] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2232] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2232] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2256] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2380] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2380] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[2988] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[2988] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe[3140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe[3140] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3160] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3160] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3180] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[3296] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[3296] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3308] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[3332] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[3332] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\ATK0100\HControl.exe[3512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\ATK0100\HControl.exe[3512] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[3684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[3684] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\ATK0100\ATKOSD.exe[3692] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\ATK0100\ATKOSD.exe[3692] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Wireless Console 2\wcourier.exe[3760] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Wireless Console 2\wcourier.exe[3760] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3792] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3804] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[3816] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[3816] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3852] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3860] kernel32.dll!SetUnhandledExceptionFilter 7C810386 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3860] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[3868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[3868] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3952] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3964] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Documents and Settings\figaro\Moje dokumenty\Downloads\t8ys0j9o.exe[5696] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\figaro\Moje dokumenty\Downloads\t8ys0j9o.exe[5696] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[1240] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002 IAT C:\WINDOWS\system32\services.exe[1240] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip {6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys AttachedDevice \Driver\Tcpip \Device\Tcp {6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys AttachedDevice \Driver\Tcpip \Device\Udp {6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys AttachedDevice \Driver\Tcpip \Device\RawIp {6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys ---- EOF - GMER 2.1 ----