GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-27 07:33:50 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0040 232,89GB Running: qoc37f9g.exe; Driver: C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\pxtdypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAC591AA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAC59257E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xAC5D685D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xAC59E5C8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAC59E614] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAC59E7AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xAC5D6211] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xAC59E536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xAC59E658] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAC59E57E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xAC592AB4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xAC59E768] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAC59336C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAC591B06] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xAC5D6F23] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAC5D71D9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAC596B40] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAC5D6D8E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAC5D6BF9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xAC5916F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xAC97B7B2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAC591B6C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAC596F36] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAC593E54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xAC59E5F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAC59E636] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAC59E7D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xAC5D656D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xAC59E55C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xAC59643A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xAC59E6E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAC59E5A6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xAC596822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xAC59E78C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xAC97B556] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xAC5D6A74] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xAC593CC8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAC5D68C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAC59381E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xAC989526] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xAC5D5857] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAC591BD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAC591C38] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xAC5931E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAC59178C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAC59195E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xAC5D702A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAC5918EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAC593536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xAC593698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAC5919E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAC593024] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xAC5931C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xAC591C9E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAC5925DA] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [D2, 1B, 59, AC, 38, 1C, 59, ...] {RCR [EBX], CL; POP ECX; LODSB ; CMP [ECX+EBX*2], BL; LODSB ; OUT 0x31, AL; POP ECX; LODSB } .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [36, 35, 59, AC, 98, 36, 59, ...] {XOR EAX, 0x3698ac59; POP ECX; LODSB ; OUT 0x19, AL; POP ECX; LODSB } PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL AC594501 \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB97F6000, 0x189C82, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\svchost.exe[216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[216] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[232] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[232] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[280] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[404] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[432] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[672] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\acs.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\acs.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1112] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\agrsmsvc.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\agrsmsvc.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1612] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1684] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2036] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2072] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[2252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[2252] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe[2260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe[2260] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Atheros\ACU.exe[2304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Atheros\ACU.exe[2304] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[2384] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\PowerISO\PWRISOVM.EXE[2420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PowerISO\PWRISOVM.EXE[2420] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2444] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2444] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2520] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2520] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2552] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\ipla\ipla.exe[2744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ipla\ipla.exe[2744] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[2772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[2772] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\PC Cleaner Pro\PCCleaners.exe[2780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\PC Cleaner Pro\PCCleaners.exe[2780] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[2900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[2900] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.28.15\GoogleCrashHandler.exe[2944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.28.15\GoogleCrashHandler.exe[2944] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Micha許Dane aplikacji\Dropbox\bin\Dropbox.exe[2948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Micha許Dane aplikacji\Dropbox\bin\Dropbox.exe[2948] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3168] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3332] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3532] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe[5168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe[5168] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Micha許Pulpit\pobrane\qoc37f9g.exe[8624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Micha許Pulpit\pobrane\qoc37f9g.exe[8624] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[1196] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[1196] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037a94e691 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037a94e691@001c4326aa56 0xA5 0xC0 0xAD 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037a94e691@00265d89b99c 0xE7 0xFF 0xFE 0xDB ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037a94e691 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037a94e691@001c4326aa56 0xA5 0xC0 0xAD 0x58 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037a94e691@00265d89b99c 0xE7 0xFF 0xFE 0xDB ... ---- EOF - GMER 2.1 ----