GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-06 02:01:50 Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.892C 74,53GB Running: d2wl6sof.exe; Driver: C:\DOCUME~1\admin\USTAWI~1\Temp\awtdqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA750CBA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA750D684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xA7551D80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xA75196F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA7519744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA75198DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xA7551734] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xA7519666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xA7519788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA75196AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xA750DBBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xA7519898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA750E472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA750CC0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xA7552446] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA75526FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA7511C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA75522B1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA755211C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xA750C7F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA785EED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA750CC72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA751205E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA750EF5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xA7519722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA7519766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA7519902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xA7551A90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xA751968C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xA7511560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xA7519816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA75196D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xA751194C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xA75198BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA785EC6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xA7551F97] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xA750EDCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA7551DE9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA750E924] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xA786CE1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xA7550D77] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA750CCD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA750CD3E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xA750E2EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA750C892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA750CA64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xA755254D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA750C9F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA750E63C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xA750E79E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA750CAEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA750E12A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xA750E2CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xA750CDA4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA750D6E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D81 80503A65 7 Bytes [98, 51, A7, D6, 96, 51, A7] {CWDE ; PUSH ECX; CMPSD ; SALC ; XCHG ESI, EAX; PUSH ECX; CMPSD } .text ntkrnlpa.exe!ZwCallbackReturn + 2E50 80503B34 4 Bytes [E9, 1D, 55, A7] .text ntkrnlpa.exe!ZwCallbackReturn + 2E5C 80503B40 4 Bytes JMP BFF4E295 .text ntkrnlpa.exe!ZwCallbackReturn + 2ED8 80503BBC 12 Bytes [D8, CC, 50, A7, 3E, CD, 50, ...] {FMUL ST0, ST4; PUSH EAX; CMPSD ; INT 0x50; CMPSD ; IN AL, DX; LOOP 0x5b; CMPSD } .text ntkrnlpa.exe!ZwCallbackReturn + 2F80 80503C64 12 Bytes [3C, E6, 50, A7, 9E, E7, 50, ...] {CMP AL, 0xe6; PUSH EAX; CMPSD ; SAHF ; OUT 0x50, EAX; CMPSD ; IN AL, DX; RETF 0xa750} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4ED0 4 Bytes CALL A750F62B \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\Explorer.EXE[172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[172] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[204] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[204] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[532] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[916] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[916] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\services.exe[988] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1484] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1700] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\DllHost.exe[1788] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\DllHost.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\HPQ\IAM\bin\asghost.exe[1808] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\HPQ\IAM\bin\asghost.exe[1808] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1892] kernel32.dll!SetUnhandledExceptionFilter 7C810386 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1892] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2004] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2168] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2168] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE[2212] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE[2212] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2244] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[2276] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[2308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[2308] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[2316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[2316] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2388] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2388] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[2436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\SMINST\Scheduler.exe[2500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\SMINST\Scheduler.exe[2500] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\SMINST\Scheduler.exe[2500] USER32.dll!GetSysColor 77D38E50 5 Bytes JMP 00418ED0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2500] USER32.dll!GetSysColorBrush 77D38E83 5 Bytes JMP 00418F40 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2500] USER32.dll!SetScrollInfo 77D3902C 7 Bytes JMP 00418DC0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2500] USER32.dll!GetScrollPos 77D3F66F 5 Bytes JMP 00418D50 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2500] USER32.dll!SetScrollRange 77D3F6BB 5 Bytes JMP 00418E40 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2500] USER32.dll!SetScrollPos 77D3F780 5 Bytes JMP 00418E00 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2500] USER32.dll!GetScrollRange 77D3F7B7 5 Bytes JMP 00418D80 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2500] USER32.dll!ShowScrollBar 77D40142 5 Bytes JMP 00418E90 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2500] USER32.dll!GetScrollInfo 77D43A2F 7 Bytes JMP 00418D10 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2500] USER32.dll!EnableScrollBar 77D87BAD 7 Bytes JMP 00418CD0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2548] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2572] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2632] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2632] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2660] kernel32.dll!SetUnhandledExceptionFilter 7C810386 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2660] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\AGRSMMSG.exe[2676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\AGRSMMSG.exe[2676] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2760] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2760] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[2816] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[2816] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Documents and Settings\admin\Pulpit\d2wl6sof.exe[2976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\admin\Pulpit\d2wl6sof.exe[2976] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Opera\opera.exe[3912] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B01F8 .text C:\Program Files\Opera\opera.exe[3912] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Opera\opera.exe[3912] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003B03FC .text C:\Program Files\Opera\opera.exe[3912] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002 IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----