GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-02 10:46:24
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK2552GSX rev.LV011C 232,89GB
Running: gulq25hp.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pgtdipob.sys


---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAddBootEntry [0xA7BBFA9C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAssignProcessToJobObject [0xA7BC057A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwClose [0xA7C0485D]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEvent [0xA7BCC5C4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEventPair [0xA7BCC610]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateIoCompletion [0xA7BCC7AA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateKey [0xA7C04211]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateMutant [0xA7BCC532]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSection [0xA7BCC654]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSemaphore [0xA7BCC57A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateThread [0xA7BC0AB0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateTimer [0xA7BCC764]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDebugActiveProcess [0xA7BC1368]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteBootEntry [0xA7BBFB02]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteKey [0xA7C04F23]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteValueKey [0xA7C051D9]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDuplicateObject [0xA7BC4B3C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateKey [0xA7C04D8E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateValueKey [0xA7C04BF9]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwLoadDriver [0xA7BBF6EE]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwMapViewOfSection [0xA801167A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwModifyBootEntry [0xA7BBFB68]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeKey [0xA7BC4F32]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeMultipleKeys [0xA7BC1E50]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEvent [0xA7BCC5EE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEventPair [0xA7BCC632]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenIoCompletion [0xA7BCC7CE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenKey [0xA7C0456D]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenMutant [0xA7BCC558]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenProcess [0xA7BC4436]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSection [0xA7BCC6E2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSemaphore [0xA7BCC5A2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenThread [0xA7BC481E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenTimer [0xA7BCC788]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwProtectVirtualMemory [0xA801141E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryKey [0xA7C04A74]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryObject [0xA7BC1CC4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryValueKey [0xA7C048C6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueueApcThread [0xA7BC181A]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwRenameKey [0xA801F3D8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwRestoreKey [0xA7C03857]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0xA7BBFBCE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootOptions [0xA7BBFC34]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetContextThread [0xA7BC11E2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemInformation [0xA7BBF788]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemPowerState [0xA7BBF95A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetValueKey [0xA7C0502A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwShutdownSystem [0xA7BBF8E8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendProcess [0xA7BC1532]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendThread [0xA7BC1694]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSystemDebugControl [0xA7BBF9E2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateProcess [0xA7BC1020]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateThread [0xA7BC11C2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwVdmControl [0xA7BBFC9A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xA7BC05D6]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2FD4  805048BC 12 Bytes  [CE, FB, BB, A7, 34, FC, BB, ...]
.text  ntkrnlpa.exe!ZwCallbackReturn + 306C  80504954 4 Bytes  CALL F0F80551
.text  ntkrnlpa.exe!ZwCallbackReturn + 307C  80504964 12 Bytes  [32, 15, BC, A7, 94, 16, BC, ...] {XOR DL, [0x1694a7bc]; MOV ESP, 0xbbf9e2a7; CMPSD }
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC  805A64DC 4 Bytes  CALL A7BC24FD \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\System32\alg.exe[208] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\System32\alg.exe[208] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\System32\smss.exe[416] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\csrss.exe[468] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\csrss.exe[468] KERNEL32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\winlogon.exe[492] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\winlogon.exe[492] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\services.exe[536] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\services.exe[536] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[548] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[548] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[836] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[836] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[1040] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[1040] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\System32\bcmwltry.exe[1084] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\System32\bcmwltry.exe[1084] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1092] kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1092] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\spoolsv.exe[1264] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\spoolsv.exe[1264] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1324] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\agrsmsvc.exe[1340] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\agrsmsvc.exe[1340] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1352] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[1376] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[1376] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbservice.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbservice.exe[1488] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1560] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1580] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1580] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\CDBurnerXP\NMSAccessU.exe[1612] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\CDBurnerXP\NMSAccessU.exe[1612] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\CyberLink\Shared files\RichVideo.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\CyberLink\Shared files\RichVideo.exe[1636] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\notepad.exe[1688] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\notepad.exe[1688] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\wdfmgr.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\wdfmgr.exe[1744] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1804] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\gulq25hp.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\gulq25hp.exe[1908] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[2040] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\Explorer.EXE[2092] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\Explorer.EXE[2092] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 003D01F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!LdrUnloadDll  7C9171CD 5 Bytes  JMP 003D03FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2536] KERNEL32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtCreateFile + 6  7C90D0B4 4 Bytes  [28, E0, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtMapViewOfSection + 6  7C90D524 4 Bytes  [28, E3, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtMapViewOfSection + B  7C90D529 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes  [68, E0, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenFile + B  7C90D5A9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, E1, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessToken + 6  7C90D614 4 Bytes  CALL 7B912FFA
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessToken + B  7C90D619 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessTokenEx + 6  7C90D624 4 Bytes  [A8, E2, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcessTokenEx + B  7C90D629 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, E1, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThread + B  7C90D669 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadToken + 6  7C90D674 4 Bytes  [68, E2, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadToken + B  7C90D679 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B91306B
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenThreadTokenEx + B  7C90D689 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryAttributesFile + 6  7C90D714 4 Bytes  [A8, E0, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B913199
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationFile + 6  7C90DC64 4 Bytes  [28, E1, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationFile + B  7C90DC69 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationThread + 6  7C90DCB4 4 Bytes  [28, E2, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtSetInformationThread + B  7C90DCB9 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, E3, 59, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtUnmapViewOfSection + B  7C90DF19 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 009701F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!LdrUnloadDll  7C9171CD 5 Bytes  JMP 009703FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] KERNEL32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\WINDOWS\system32\services.exe[536] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  003D0002
IAT  C:\WINDOWS\system32\services.exe[536] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]  003D0000

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip  aswTdi.sys
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  aswTdi.sys

---- EOF - GMER 2.1 ----
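A report like the one above is read by asking three things: which driver owns each SSDT entry, which user-mode patches are the same in every process (a system-wide injected hook) versus present in only one, and where the JMP/CALL/IAT redirections point. The following is an added example, not code from the original post or from GMER: a Python parser over a short excerpt constructed from the log above (a few lines per section, not the full report) that answers those three questions. The column layout it matches is GMER's as printed here; the field names (site, patch, handler) are this example's own.

```python
"""Parse a GMER 2.x text report and summarise the hooks it lists."""
import re
from collections import defaultdict

# Excerpt constructed from the GMER log above (a few lines per section, not the
# whole report). The regexes follow GMER's column layout as printed in that log.
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-02 10:46:24

---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateThread [0xA7BC0AB0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwLoadDriver [0xA7BBF6EE]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwMapViewOfSection [0xA801167A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xA7BC05D6]

---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\services.exe[536] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\services.exe[536] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[548] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[548] kernel32.dll!GetBinaryTypeW + 80  7C869AB4 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1092] kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 003D01F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3308] ntdll.dll!NtOpenProcess + 6  7C90D604 4 Bytes  [A8, E1, 59, 00]

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\WINDOWS\system32\services.exe[536] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]  003D0000

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp  aswTdi.sys

---- EOF - GMER 2.1 ----
"""

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[0x([0-9A-F]+)\]")
USER_RE = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+!\S+)(?:\s+\+\s+([0-9A-F]+))?"
    r"\s+([0-9A-F]{8})\s+(\d+)\s+Bytes?\s+(.+)$")
IAT_RE = re.compile(r"^IAT\s+(.+?)\[(\d+)\]\s+@\s+(.+?)\s+\[(\S+!\S+)\]\s+([0-9A-F]{8})")
DEV_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)")
REDIRECT_RE = re.compile(r"^(JMP|CALL)\s+([0-9A-F]{8})")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Return the SSDT entries, user-mode code patches, IAT entries and attached devices."""
    r = {"ssdt": [], "user_hooks": [], "iat": [], "devices": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            r["ssdt"].append({"driver": basename(m[1]), "service": m[2],
                              "handler": int(m[3], 16)})
        elif m := USER_RE.match(line):
            site = f"{m[3]}+{m[4]}" if m[4] else m[3]   # module!function[+offset]
            r["user_hooks"].append({"process": basename(m[1]), "pid": int(m[2]),
                                    "site": site, "address": int(m[5], 16),
                                    "size": int(m[6]), "patch": m[7].strip()})
        elif m := IAT_RE.match(line):
            r["iat"].append({"process": basename(m[1]), "pid": int(m[2]),
                             "import": m[4], "target": int(m[5], 16)})
        elif m := DEV_RE.match(line):
            r["devices"].append({"driver": m[1], "device": m[2], "filter": m[3]})
    return r


def ssdt_by_driver(report):
    """Hooked system services grouped by the driver GMER attributes the handler to."""
    out = defaultdict(list)
    for h in report["ssdt"]:
        out[h["driver"]].append(h["service"])
    return dict(out)


def hook_sites(report):
    """Group user-mode patches by (site, patch bytes) -> processes carrying them.
    A site patched identically in nearly every process is a system-wide injected
    hook; a site present in a single process is the one to examine first."""
    sites = defaultdict(list)
    for h in report["user_hooks"]:
        sites[(h["site"], h["patch"])].append(f'{h["process"]}[{h["pid"]}]')
    return dict(sites)


def unique_hooks(report):
    """Hook sites that occur in exactly one process."""
    return {k: v for k, v in hook_sites(report).items() if len(v) == 1}


def redirect_targets(report):
    """Inline JMP/CALL patches and IAT entries with the address they divert to.
    GMER prints the target but not its owning module, so these are the addresses
    to resolve against the process's module list next."""
    out = [(h["process"], h["site"], m[1], int(m[2], 16))
           for h in report["user_hooks"] if (m := REDIRECT_RE.match(h["patch"]))]
    out += [(e["process"], e["import"], "IAT", e["target"]) for e in report["iat"]]
    return out


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    for drv, svcs in ssdt_by_driver(rep).items():
        print(f"{drv}: {len(svcs)} SSDT entries ({', '.join(svcs)})")
    for (site, patch), procs in hook_sites(rep).items():
        print(f"{site:45} {patch[:20]:20} in {len(procs)} process(es)")
    for proc, site, kind, target in redirect_targets(rep):
        print(f"{proc}: {site} {kind} -> {target:08X}")
```

Run against the full report, `hook_sites` collapses the two one-byte `[62]` patches that recur in every listed process into two entries, leaving the AvastSvc.exe, chrome.exe and services.exe IAT entries as the ones that differ per process; `redirect_targets` then hands back the JMP/CALL/IAT addresses to check against each process's loaded modules.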