GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-07 20:38:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
Running: 993h42gb.exe; Driver: C:\Users\Karol\AppData\Local\Temp\kwdoqpob.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.sfreloc˙˙˙˙sfsync03unknown last section [0x832C0000, 0xA3E, 0x40000040] C:\Windows\System32\drivers\sfsync03.sys unknown last section [0x832C0000, 0xA3E, 0x40000040]
.text USBPORT.SYS!DllUnload 8C71741B 5 Bytes JMP 869151C8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!SetWindowsHookExW 75E287AD 5 Bytes JMP 71859B15 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!CallNextHookEx 75E28E3B 5 Bytes JMP 7184D16D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!UnhookWindowsHookEx 75E298DB 5 Bytes JMP 717C4666 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!CreateWindowExW 75E31305 5 Bytes JMP 7185DB6C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!DialogBoxParamW 75E510B0 5 Bytes JMP 71785501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!DialogBoxIndirectParamW 75E52EF5 5 Bytes JMP 7195502F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!DialogBoxParamA 75E68152 5 Bytes JMP 71954FCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!DialogBoxIndirectParamA 75E6847D 5 Bytes JMP 71955092 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!MessageBoxIndirectA 75E7D4D9 5 Bytes JMP 71954F61 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!MessageBoxIndirectW 75E7D5D3 5 Bytes JMP 71954EF6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!MessageBoxExA 75E7D639 5 Bytes JMP 71954E94 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] USER32.dll!MessageBoxExW 75E7D65D 5 Bytes JMP 71954E32 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] ole32.dll!OleLoadFromStream 76531E80 5 Bytes JMP 719553B0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[856] ole32.dll!CoCreateInstance 76569F3E 5 Bytes JMP 7185DBC8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!SetWindowsHookExW 75E287AD 5 Bytes JMP 71859B15 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!CallNextHookEx 75E28E3B 5 Bytes JMP 7184D16D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!UnhookWindowsHookEx 75E298DB 5 Bytes JMP 717C4666 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!CreateWindowExW 75E31305 5 Bytes JMP 7185DB6C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxParamW 75E510B0 5 Bytes JMP 71785501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxIndirectParamW 75E52EF5 5 Bytes JMP 7195502F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxParamA 75E68152 5 Bytes JMP 71954FCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxIndirectParamA 75E6847D 5 Bytes JMP 71955092 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxIndirectA 75E7D4D9 5 Bytes JMP 71954F61 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxIndirectW 75E7D5D3 5 Bytes JMP 71954EF6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxExA 75E7D639 5 Bytes JMP 71954E94 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxExW 75E7D65D 5 Bytes JMP 71954E32 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ole32.dll!OleLoadFromStream 76531E80 5 Bytes JMP 719553B0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ole32.dll!CoCreateInstance 76569F3E 5 Bytes JMP 7185DBC8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!SetWindowsHookExW 75E287AD 5 Bytes JMP 71859B15 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!CallNextHookEx 75E28E3B 5 Bytes JMP 7184D16D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!UnhookWindowsHookEx 75E298DB 5 Bytes JMP 717C4666 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!CreateWindowExW 75E31305 5 Bytes JMP 7185DB6C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!DialogBoxParamW 75E510B0 5 Bytes JMP 71785501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!DialogBoxIndirectParamW 75E52EF5 5 Bytes JMP 7195502F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!DialogBoxParamA 75E68152 5 Bytes JMP 71954FCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!DialogBoxIndirectParamA 75E6847D 5 Bytes JMP 71955092 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!MessageBoxIndirectA 75E7D4D9 5 Bytes JMP 71954F61 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!MessageBoxIndirectW 75E7D5D3 5 Bytes JMP 71954EF6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!MessageBoxExA 75E7D639 5 Bytes JMP 71954E94 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!MessageBoxExW 75E7D65D 5 Bytes JMP 71954E32 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] ole32.dll!OleLoadFromStream 76531E80 5 Bytes JMP 719553B0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] ole32.dll!CoCreateInstance 76569F3E 5 Bytes JMP 7185DBC8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!CreateWindowExW 75E31305 5 Bytes JMP 7185DB6C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxParamW 75E510B0 5 Bytes JMP 71785501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxIndirectParamW 75E52EF5 5 Bytes JMP 7195502F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxParamA 75E68152 5 Bytes JMP 71954FCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxIndirectParamA 75E6847D 5 Bytes JMP 71955092 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxIndirectA 75E7D4D9 5 Bytes JMP 71954F61 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxIndirectW 75E7D5D3 5 Bytes JMP 71954EF6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxExA 75E7D639 5 Bytes JMP 71954E94 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxExW 75E7D65D 5 Bytes JMP 71954E32 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068F61E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068EAD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068F748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068EB9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068EC1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A429A] \SystemRoot\System32\Drivers\sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001F0002
IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001F0000
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7490A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [748E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [748BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7493CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [748DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8543B1E8
Device \Driver\netbt \Device\NetBT_Tcpip_{91ADCD6A-5013-42E9-9BF1-7772ED383604} 881F4790
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 850141E8
Device \Driver\usbuhci \Device\USBPDO-0 8696F1E8
Device \Driver\netbt \Device\NetBT_Tcpip_{90A33E74-440E-4C0E-AE3B-342B2B81D63B} 881F4790
Device \Driver\usbuhci \Device\USBPDO-1 8696F1E8
Device \Driver\usbehci \Device\USBPDO-2 86992790
Device \Driver\usbuhci \Device\USBPDO-3 8696F1E8
Device \Driver\usbuhci \Device\USBPDO-4 8696F1E8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBPDO-5 8696F1E8
Device \Driver\usbehci \Device\USBPDO-6 86992790
Device \Driver\volmgr \Device\HarddiskVolume1 850141E8
Device \Driver\volmgr \Device\HarddiskVolume2 850141E8
Device \Driver\cdrom \Device\CdRom0 86A291E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854391E8
Device \Driver\iaStor \Device\Ide\iaStor0 854371E8
Device \Driver\atapi \Device\Ide\IdePort0 854391E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 854371E8
Device \Driver\volmgr \Device\HarddiskVolume3 850141E8
Device \Driver\netbt \Device\NetBt_Wins_Export 881F4790
Device \Driver\iScsiPrt \Device\RaidPort0 86A303A0
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 8696F1E8
Device \Driver\usbuhci \Device\USBFDO-1 8696F1E8
Device \Driver\usbehci \Device\USBFDO-2 86992790
Device \Driver\usbuhci \Device\USBFDO-3 8696F1E8
Device \Driver\usbuhci \Device\USBFDO-4 8696F1E8
Device \Driver\usbuhci \Device\USBFDO-5 8696F1E8
Device \Driver\usbehci \Device\USBFDO-6 86992790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x18 0x2B 0xF7 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD5 0xEC 0x97 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x13 0x8F 0x1E 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0x9C 0xC5 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7B 0x44 0x5A 0xC4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 11
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewCrawlNumber 12
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages@NewStartPageIdentifier 6
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@StartPageIdentifier 5
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@NumberOfUrls 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@LastCrawlSuccesses 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@LastCrawlExcluded 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@LastCrawlAccessDenied 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@LastCrawlNotFound 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@LastCrawlUncategorizedErrors 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@LastCrawlSeedStatus 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@LastCrawlId 9
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@CsType 4
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@Created 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@Modified 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows@CrawlScopeVersion 18

---- EOF - GMER 1.0.15 ----