GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-04 20:12:01
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000071 SAMSUNG_ rev.1AG0
Running: gmer.exe; Driver: C:\Users\Oskar\AppData\Local\Temp\fwtoipod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 83286359 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832BFD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text sptd.sys 8C01C000 8 Bytes [34, E2, 21, 83, A0, 47, 21, ...] {XOR AL, 0xe2; AND [EBX-0x7cdeb860], EAX}
.text sptd.sys 8C01C009 23 Bytes [47, 21, 83, 48, 6B, 21, 83, ...]
.text sptd.sys 8C01C024 4 Bytes [44, B5, 14, 8C]
.text sptd.sys 8C01C02C 188 Bytes [B1, D7, 4A, 83, C4, 99, 42, ...]
.text sptd.sys 8C01C0E9 167 Bytes [1B, 28, 83, FA, A4, 2E, 83, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8C113D38]
? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text USBPORT.SYS!DllUnload 94937DB9 5 Bytes JMP 86FF4410

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1848] kernel32.dll!SetUnhandledExceptionFilter 77A9F4FB 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2884] kernel32.dll!SetUnhandledExceptionFilter 77A9F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3120] ntdll.dll!LdrLoadDll 77D5223E 5 Bytes JMP 657FC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3120] kernel32.dll!MapViewOfFile 77A993DB 5 Bytes JMP 65A2E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3120] kernel32.dll!VirtualAlloc 77A9C43A 5 Bytes JMP 65A2E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3120] GDI32.dll!CreateDIBSection 76B08850 5 Bytes JMP 65A2E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4680] USER32.dll!SetWindowLongA 77988BA3 5 Bytes JMP 65B85EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4680] USER32.dll!SetWindowLongW 77994449 5 Bytes JMP 65B85E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4680] USER32.dll!GetWindowInfo 77994B5E 5 Bytes JMP 65974822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4680] USER32.dll!TrackPopupMenu 779A2228 5 Bytes JMP 65974DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5360] USER32.dll!TrackPopupMenu 779A2228 5 Bytes JMP 65974DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C01D0C0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C01DFE0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8C01D574] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C01E1BC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C01D362] \SystemRoot\System32\Drivers\sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74942437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74925600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749256BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749424B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74938514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74934CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7493506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74935144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74936671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7493826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749387BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7493901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7493E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74934BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [02B49832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [02B4A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [02B494D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [02B494E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [02B492CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [02B494B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [02B494A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [02B4AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [02B4A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [02B49832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [02B492CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D8FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [02B492CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D8FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [02B492CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [02B49832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [02B492CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [02B492CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [02B49832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D8FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D8FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [02B492CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75D8FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] [02B492CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\Crypt32.DLL [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\Crypt32.DLL [ntdll.dll!RtlAllocateHeap] [02B492CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\Crypt32.DLL [KERNEL32.dll!GetProcAddress] [75D8FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [02B492CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [02B49E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Gadu-Gadu 10\gg.exe[5992] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75D8FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85B3A1F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\NetBT \Device\NetBT_Tcpip_{4BCD5856-CB2F-490F-A507-A8C116F670E0} 86E521F8
Device \Driver\usbohci \Device\USBPDO-0 86FF51F8
Device \Driver\usbehci \Device\USBPDO-1 870031F8
Device \Driver\PCI_PNP3776 \Device\00000060 sptd.sys
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\nvstor32 \Device\00000071 85B381F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 86485430
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 85B361F8
Device \Driver\atapi \Device\Ide\IdePort1 85B361F8
Device \Driver\cdrom \Device\CdRom1 86485430
Device \Driver\nvstor32 \Device\00000073 85B381F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom2 86485430
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 86E521F8
Device \Driver\nvstor32 \Device\RaidPort0 85B381F8
Device \Driver\nvstor32 \Device\RaidPort1 85B381F8
Device \Driver\usbohci \Device\USBFDO-0 86FF51F8
Device \Driver\usbehci \Device\USBFDO-1 870031F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A612FB99-F666-4795-8B10-21C8E5527C72} 86E521F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FF9752EC-654F-4C9A-9C0E-271A8D94E5CF} 86E521F8
Device \Driver\acoehm96 \Device\Scsi\acoehm961Port4Path0Target0Lun0 871DE1F8
Device \Driver\acoehm96 \Device\Scsi\acoehm961 871DE1F8
Device \FileSystem\cdfs \Cdfs 88A1F1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7B 0x23 0x7B 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAA 0xE0 0x31 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA9 0x66 0x9A 0xDF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x89 0x11 0x7C 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x68 0xDA 0x17 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x82 0xD9 0xB4 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7B 0x23 0x7B 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAA 0xE0 0x31 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA9 0x66 0x9A 0xDF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x89 0x11 0x7C 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x68 0xDA 0x17 0xEA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x82 0xD9 0xB4 0x42 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\îci\xa6gane_rzeczy\ComboFix.exe 1

---- EOF - GMER 1.0.15 ----