GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-23 00:55:25 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdePort1 ST980811AS rev.3.CDD 74,53GB Running: 92rimh2n.exe; Driver: C:\DOCUME~1\JASAM~1.ANO\USTAWI~1\Temp\agkcipoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA76EBAA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA76EC57E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xA773085D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xA76F85C8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA76F8614] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA76F87AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xA7730211] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xA76F8536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xA76F8658] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA76F857E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xA76ECAB4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xA76F8768] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA76ED36C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA76EBB06] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xA7730F23] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA77311D9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA76F0B40] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA7730D8E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA7730BF9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xA76EB6F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA7A017B2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA76EBB6C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA76F0F36] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA76EDE54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xA76F85F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA76F8636] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA76F87D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xA773056D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xA76F855C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xA76F043A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xA76F86E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA76F85A6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xA76F0822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xA76F878C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA7A01556] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xA7730A74] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xA76EDCC8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA77308C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA76ED81E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xA7A0F526] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xA772F857] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA76EBBD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA76EBC38] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xA76ED1E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA76EB78C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA76EB95E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xA773102A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA76EB8EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA76ED536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xA76ED698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA76EB9E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA76ED024] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xA76ED1C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xA76EBC9E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA76EC5DA] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [D2, BB, 6E, A7, 38, BC, 6E, ...] {SAR [EBX-0x43c75892], CL; OUTS DX, BYTE [ESI]; CMPSD ; OUT 0xd1, AL; OUTS DX, BYTE [ESI]; CMPSD } .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [36, D5, 6E, A7, 98, D6, 6E, ...] {AAD 0x6e; CMPSD ; CWDE ; SALC ; OUTS DX, BYTE [ESI]; CMPSD ; OUT 0xb9, AL; OUTS DX, BYTE [ESI]; CMPSD } PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL A76EE501 \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[152] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[324] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[436] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[448] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[448] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[560] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\afwServ.exe[560] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe[620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe[620] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[740] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\IePluginService\PluginService.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\IePluginService\PluginService.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\WPM\wprotectmanager.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\WPM\wprotectmanager.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\services.exe[996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[1076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[1076] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1284] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1424] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\004\rqpbhevlkc32.exe[1440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\004\rqpbhevlkc32.exe[1440] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVG Secure Search\vprot.exe[1444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVG Secure Search\vprot.exe[1444] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe[1512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe[1512] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\fst_pl_117\fst_pl_117.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\fst_pl_117\fst_pl_117.exe[1932] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\WinZip\WZQKPICK.EXE[2144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\WinZip\WZQKPICK.EXE[2144] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text c:\Program Files\CouponDownloader\CouponDownloaderService.exe[2348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\Program Files\CouponDownloader\CouponDownloaderService.exe[2348] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[2524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[2524] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2824] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[2936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[2936] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2984] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Settings Manager\systemk\SystemkService.exe[3016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Settings Manager\systemk\SystemkService.exe[3016] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe[3088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe[3088] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Settings Manager\systemk\SystemkService.exe[3144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Settings Manager\systemk\SystemkService.exe[3144] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3152] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3160] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Settings Manager\systemk\systemku.exe[3236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Settings Manager\systemk\systemku.exe[3236] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe[3288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe[3288] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3572] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3784] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3828] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit\92rimh2n.exe[3964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit\92rimh2n.exe[3964] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs systemkmgrc1.cfg AttachedDevice \Driver\Tcpip \Device\Ip aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Ip netfilter.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Tcp netfilter.sys AttachedDevice \Driver\Tcpip \Device\Udp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Udp netfilter.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\RawIp netfilter.sys ---- Processes - GMER 2.1 ---- Process C:\WINDOWS\system32\ZSHP1020.EXE (*** hidden *** ) 1620 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F\Cookies 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F\Cookies\index.dat 32768 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Historia 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Historia\History.IE5 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Historia\History.IE5\index.dat 49152 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Temporary Internet Files 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Temporary Internet Files\Content.IE5 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat 491520 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Program Files 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Program Files\AVAST Software 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Program Files\AVAST Software\Avast 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Program Files\AVAST Software\Avast\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\Program Files\AVAST Software\Avast\sfzone\productid 32 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt 4 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Archived History 57344 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Archived History-journal 512 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Cache\data_0 8192 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Cache\data_2 8192 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Cache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Current Session 771 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Current Tabs 8 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Favicons-journal 512 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\History 94208 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\History Index 2013-10 45056 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\History Index 2013-10-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\History Provider Cache 10861 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\History-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Network Action Predictor 16384 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Origin Bound Certs 5120 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Origin Bound Certs-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Preferences 10091 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\User StyleSheets 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Web Data 73728 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\First Run 0 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\C\sfzone_profile\Local State 1992 bytes File C:\avast! sandbox\S-1-5-21-299502267-1993962763-1417001333-1004\sfzone\snx_fs.dat 8558 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG 1024 bytes ---- EOF - GMER 2.1 ----