GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-16 19:50:54
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\0000006c ST3250310AS rev.3.AAF 232,88GB
Running: 8ce7creq.exe; Driver: C:\DOCUME~1\1\USTAWI~1\Temp\pwncraow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB20F0A9C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB20F157A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xB213585D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xB20FD5C4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB20FD610]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB20FD7AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xB2135211]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xB20FD532]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xB20FD654]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB20FD57A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xB20F1AB0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xB20FD764]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB20F2368]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB20F0B02]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xB2135F23]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB21361D9]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB20F5B3C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB2135D8E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB2135BF9]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xB20F06EE]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB23FC7A2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB20F0B68]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB20F5F32]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB20F2E50]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xB20FD5EE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB20FD632]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB20FD7CE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xB213556D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xB20FD558]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xB20F5436]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xB20FD6E2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB20FD5A2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xB20F581E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xB20FD788]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB23FC546]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xB2135A74]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xB20F2CC4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB21358C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB20F281A]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xB240A4F6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xB2134857]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB20F0BCE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB20F0C34]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xB20F21E2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB20F0788]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB20F095A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xB213602A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB20F08E8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB20F2532]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xB20F2694]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB20F09E2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB20F2020]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xB20F21C2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xB20F0C9A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB20F15D6]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [CE, 0B, 0F, B2, 34, 0C, 0F, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 306C 80504954 4 Bytes CALL F1025861
.text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [32, 25, 0F, B2, 94, 26, 0F, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6ECB3C0, 0x9B091A, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[112] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[124] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[184] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[224] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[592] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 00, C3, 01]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1172] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1248] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 7C, F3, 00] {SUB [EBX+ESI*8+0x0], BH}
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7F, F3, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 7C, F3, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 7D, F3, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C996
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7E, F3, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 7D, F3, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7E, F3, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CA07
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 7C, F3, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CB35
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 7D, F3, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7E, F3, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7F, F3, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013101F8
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 013103FC
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1256] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1476] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Zune\ZuneBusEnum.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Zune\ZuneBusEnum.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2664] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2728] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3296] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\RunDLL32.exe[3316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\RunDLL32.exe[3316] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[3380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[3380] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3396] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3396] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3536] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3560] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3580] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, 34, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 83, 34, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 80, 34, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 81, 34, 00] {TEST AL, 0x81; XOR AL, 0x0}
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910A9A
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 82, 34, 00] {TEST AL, 0x82; XOR AL, 0x0}
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 81, 34, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 82, 34, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910B0B
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 80, 34, 00] {TEST AL, 0x80; XOR AL, 0x0}
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910C39
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 81, 34, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 82, 34, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 83, 34, 00]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3608] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\msiexec.exe[4496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\msiexec.exe[4496] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[5724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[5724] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Documents and Settings\1\Moje dokumenty\Downloads\8ce7creq.exe[5736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\1\Moje dokumenty\Downloads\8ce7creq.exe[5736] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS

---- Processes - GMER 2.1 ----

Library C:\Program Files\Google\Drive\googledrivesync32.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2664] 0x10000000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Alerter@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\Alerter
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@2021a571cd6d 0xB9 0x01 0x6D 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310@2021a571cd6d 0xB9 0x01 0x6D 0xB2 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 138
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 98

---- Files - GMER 2.1 ----

File C:\Documents and Settings\1\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QKQPNK40\AllServices[1].aspx 0 bytes

---- EOF - GMER 2.1 ----