GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-13 00:08:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 MAXTOR_STM3250310AS rev.3.AAA
Running: 7lbk4kvm.exe; Driver: C:\Users\Ja\AppData\Local\Temp\pxldypoc.sys

---- System - GMER 1.0.15 ----

INT 0x51 ? 85EA4CB8
INT 0x62 ? 85EA4CB8
INT 0x72 ? 85EA4CB8
INT 0x82 ? 84455CB8
INT 0x92 ? 84455CB8
INT 0xA2 ? 84455CB8
INT 0xB3 ? 85EA4CB8

---- Kernel code sections - GMER 1.0.15 ----

.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8079E089]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8C210000, 0x38E905, 0xE8000020]
.text USBPORT.SYS!DllUnload 87FD741B 5 Bytes JMP 85EA41C8
.text amf341to.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 8CC4B900 48 Bytes [14, C7, 2D, B0, 76, E3, 52, ...]
? C:\Windows\System32\Drivers\amf341to.SYS suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2948] kernel32.dll!SetUnhandledExceptionFilter 7670A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] kernel32.dll!CreateThread 7672CB2E 5 Bytes JMP 6F5672FB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!SetWindowsHookExW 766487AD 5 Bytes JMP 6F5A2194 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!CallNextHookEx 76648E3B 5 Bytes JMP 6F5C7BB7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!UnhookWindowsHookEx 766498DB 5 Bytes JMP 6F5EEB10 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!EnableWindow 7664CD8B 5 Bytes JMP 6F5A9A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DefWindowProcA 7664DB88 7 Bytes JMP 6F569525 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!CreateWindowExA 7664DC2A 5 Bytes JMP 6F57335B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!CreateWindowExW 76651305 5 Bytes JMP 6F5CFF8F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DefWindowProcW 766603B4 7 Bytes JMP 6F5C7C1A C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxParamW 766710B0 5 Bytes JMP 6F50170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxIndirectParamW 76672EF5 5 Bytes JMP 6F6F640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxParamA 76688152 5 Bytes JMP 6F6F63A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxIndirectParamA 7668847D 5 Bytes JMP 6F6F6473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxIndirectA 7669D4D9 5 Bytes JMP 6F6F6330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxIndirectW 7669D5D3 5 Bytes JMP 6F6F62B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxExA 7669D639 5 Bytes JMP 6F6F6253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxExW 7669D65D 5 Bytes JMP 6F6F61EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3288] ole32.dll!OleLoadFromStream 77B51E80 5 Bytes JMP 6F6F6BE7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!EnableWindow 7664CD8B 5 Bytes JMP 6F5A9A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxParamW 766710B0 5 Bytes JMP 6F50170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxIndirectParamW 76672EF5 5 Bytes JMP 6F6F640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxParamA 76688152 5 Bytes JMP 6F6F63A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxIndirectParamA 7668847D 5 Bytes JMP 6F6F6473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxIndirectA 7669D4D9 5 Bytes JMP 6F6F6330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxIndirectW 7669D5D3 5 Bytes JMP 6F6F62B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxExA 7669D639 5 Bytes JMP 6F6F6253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxExW 7669D65D 5 Bytes JMP 6F6F61EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] kernel32.dll!CreateThread 7672CB2E 5 Bytes JMP 6F5672FB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!SetWindowsHookExW 766487AD 5 Bytes JMP 6F5A2194 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!CallNextHookEx 76648E3B 5 Bytes JMP 6F5C7BB7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!UnhookWindowsHookEx 766498DB 5 Bytes JMP 6F5EEB10 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!EnableWindow 7664CD8B 5 Bytes JMP 6F5A9A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!DefWindowProcA 7664DB88 7 Bytes JMP 6F569525 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!CreateWindowExA 7664DC2A 5 Bytes JMP 6F57335B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!CreateWindowExW 76651305 5 Bytes JMP 6F5CFF8F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!DefWindowProcW 766603B4 7 Bytes JMP 6F5C7C1A C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!DialogBoxParamW 766710B0 5 Bytes JMP 6F50170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!DialogBoxIndirectParamW 76672EF5 5 Bytes JMP 6F6F640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!DialogBoxParamA 76688152 5 Bytes JMP 6F6F63A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!DialogBoxIndirectParamA 7668847D 5 Bytes JMP 6F6F6473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!MessageBoxIndirectA 7669D4D9 5 Bytes JMP 6F6F6330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!MessageBoxIndirectW 7669D5D3 5 Bytes JMP 6F6F62B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!MessageBoxExA 7669D639 5 Bytes JMP 6F6F6253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!MessageBoxExW 7669D65D 5 Bytes JMP 6F6F61EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] ole32.dll!OleLoadFromStream 77B51E80 5 Bytes JMP 6F6F6BE7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068BF12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8068C232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068C0F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B856] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74737817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7477B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7473BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7472F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7472E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747673F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7473DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7472FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7472FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [747BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7475C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7472D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74726853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7472687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74732AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8445C1E8
Device \Driver\netbt \Device\NetBT_Tcpip_{A1F89EFB-5321-40CD-844D-3F544AD7575C} 863B6430
Device \Driver\usbuhci \Device\USBPDO-0 85DA41E8
Device \Driver\usbuhci \Device\USBPDO-1 85DA41E8
Device \Driver\usbuhci \Device\USBPDO-2 85DA41E8
Device \Driver\usbuhci \Device\USBPDO-3 85DA41E8
Device \Driver\usbehci \Device\USBPDO-4 85DEE1E8
Device \Driver\cdrom \Device\CdRom0 85D7B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8445B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 8445B1E8
Device \Driver\atapi \Device\Ide\IdePort0 8445B1E8
Device \Driver\atapi \Device\Ide\IdePort1 8445B1E8
Device \Driver\atapi \Device\Ide\IdePort2 8445B1E8
Device \Driver\atapi \Device\Ide\IdePort3 8445B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4 8445B1E8
Device \Driver\cdrom \Device\CdRom1 85D7B1E8
Device \Driver\USBSTOR \Device\00000066 85D821E8
Device \Driver\USBSTOR \Device\00000067 85D821E8
Device \Driver\cdrom \Device\CdRom2 85D7B1E8
Device \Driver\USBSTOR \Device\00000068 85D821E8
Device \Driver\USBSTOR \Device\00000069 85D821E8
Device \Driver\netbt \Device\NetBt_Wins_Export 863B6430
Device \Driver\PCI_PNP9761 \Device\0000003e sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_PNP9761 \Device\0000003e sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\iScsiPrt \Device\RaidPort0 85D401E8
Device \Driver\USBSTOR \Device\0000006a 85D821E8
Device \Driver\usbuhci \Device\USBFDO-0 85DA41E8
Device \Driver\usbuhci \Device\USBFDO-1 85DA41E8
Device \Driver\usbuhci \Device\USBFDO-2 85DA41E8
Device \Driver\usbuhci \Device\USBFDO-3 85DA41E8
Device \Driver\usbehci \Device\USBFDO-4 85DEE1E8
Device \Driver\amf341to \Device\Scsi\amf341to1Port5Path0Target0Lun0 85D651E8
Device \Driver\amf341to \Device\Scsi\amf341to1 85D651E8
Device \FileSystem\cdfs \Cdfs 86E401E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF0 0x36 0x15 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xEA 0x6B 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0x26 0x3D 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF0 0x36 0x15 0xFB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xEA 0x6B 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0x26 0x3D 0xAD ...

---- Files - GMER 1.0.15 ----

File C:\Users\Ja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5GS01W4\cps-vflDsLkzx[1].swf 0 bytes
File C:\Users\Ja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5GS01W4\cps-vflDsLkzx[2].swf 0 bytes
File C:\Users\Ja\AppData\Local\temp\~DF9AF1.tmp 0 bytes

---- EOF - GMER 1.0.15 ----