GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-10 00:05:09 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250820A rev.3.AAE 232,89GB Running: f6l9pmjj.exe; Driver: C:\DOCUME~1\Aras\USTAWI~1\Temp\pgtdrpoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB8016BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB8017684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xB805BD80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xB80236F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB8023744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB80238DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xB805B734] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xB8023666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xB8023788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB80236AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xB8017BBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xB8023898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB8018472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB8016C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xB805C446] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB805C6FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB801BC68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB805C2B1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB805C11C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xB80167F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB82B6ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB8016C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB801C05E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB8018F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xB8023722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB8023766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB8023902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xB805BA90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xB802368C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xB801B560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xB8023816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB80236D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xB801B94C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xB80238BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB82B6C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xB805BF97] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xB8018DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB805BDE9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB8018924] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xB82C4E1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xB805AD77] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB8016CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB8016D3E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xB80182EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB8016892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB8016A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xB805C54D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB80169F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB801863C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xB801879E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB8016AEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB801812A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xB80182CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xB8016DA4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB80176E0] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!_abnormal_termination + 310 804E28E4 4 Bytes JMP 99062EA6 .text ntoskrnl.exe!_abnormal_termination + 398 804E296C 12 Bytes [D8, 6C, 01, B8, 3E, 6D, 01, ...] {FSUBR DWORD [ECX+EAX-0x48]; INS DWORD [ES:EDI], DX; ADD [EAX-0x47fe7d14], EDI} .text ntoskrnl.exe!_abnormal_termination + 440 804E2A14 12 Bytes [3C, 86, 01, B8, 9E, 87, 01, ...] PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BC20 4 Bytes CALL B801962B \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB97D7360, 0x240F7E, 0xE8000020] init C:\WINDOWS\System32\drivers\HPFECP06.SYS entry point in "init" section [0xB5E0E8C0] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[208] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[588] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\services.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1408] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[1724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1752] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1944] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 10, A8, 00] {SUB [EAX], DL; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 13, A8, 00] {SUB [EBX], DL; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 10, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 11, A8, 00] {TEST AL, 0x11; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917E2A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 12, A8, 00] {TEST AL, 0x12; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 11, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 12, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917E9B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 10, A8, 00] {TEST AL, 0x10; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917FC9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 11, A8, 00] {SUB [ECX], DL; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 12, A8, 00] {SUB [EDX], DL; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 13, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00E603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2268] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Mixer.exe[2488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Mixer.exe[2488] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[2496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[2496] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2612] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\lg_fwupdate\fwupdate.exe[2628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\lg_fwupdate\fwupdate.exe[2628] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2636] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[2684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[2684] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2740] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2740] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2748] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2756] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Aras\Moje dokumenty\Downloads\f6l9pmjj.exe[2788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Aras\Moje dokumenty\Downloads\f6l9pmjj.exe[2788] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\CCleaner\CCleaner.exe[2864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\CCleaner\CCleaner.exe[2864] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3436] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3456] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3860] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3932] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002 IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----