GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-05-21 22:03:06 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6L200P0 rev.BAJ41G20 Running: yxm70yo2.exe; Driver: C:\DOCUME~1\Paula\USTAWI~1\Temp\kxtdapog.sys ---- System - GMER 1.0.15 ---- SSDT spay.sys ZwCreateKey [0xF86E20E0] SSDT spay.sys ZwEnumerateKey [0xF86FADA4] SSDT spay.sys ZwEnumerateValueKey [0xF86FB132] SSDT spay.sys ZwOpenKey [0xF86E20C0] SSDT spay.sys ZwQueryKey [0xF86FB20A] SSDT spay.sys ZwQueryValueKey [0xF86FB08A] SSDT spay.sys ZwSetValueKey [0xF86FB29C] INT 0x62 ? 833DEBF8 INT 0x73 ? 8335FBF8 INT 0x82 ? 833DEBF8 INT 0x83 ? 8335FBF8 INT 0x84 ? 82FA0BF8 INT 0x94 ? 82FA0BF8 INT 0xA4 ? 82FA0BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spay.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload F79228AC 5 Bytes JMP 82FA01D8 .text a926h95k.SYS F78D1386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a926h95k.SYS F78D13AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a926h95k.SYS F78D13C4 3 Bytes [00, 80, 02] .text a926h95k.SYS F78D13C9 1 Byte [30] .text a926h95k.SYS F78D13C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0122C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 0145E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!MapViewOfFile 7C80B995 5 Bytes JMP 0145E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3744] GDI32.dll!CreateDIBSection 77F19E09 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[3744] GDI32.dll!CreateDIBSection 77F19E09 5 Bytes JMP 0145E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8335F2D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F870DDDC] spay.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F870DE30] spay.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F86E3042] spay.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F86E313E] spay.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F86E30C0] spay.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F86E3800] spay.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F86E36D6] spay.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F86F2B90] spay.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82FA02D8 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!swprintf] 001CBA86 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IofCallDriver] 001CC186 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!sprintf] 968D5140 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoStartTimer] 000022C0 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!ZwCreateKey] C6000000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoStartPacket] 538B0000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoFreeMdl] E8500000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmUnlockPages] 00002280 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeSetTimer] F6317300 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!_allmul] 74070647 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!_except_handler3] 05578A0B IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!_aulldiv] 03087408 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!strstr] 72F93B3F IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!_strupr] 8A09EBDA IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!KeTickCount] 88084B8A IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!memmove] 18C48300 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\a926h95k.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\a926h95k.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8335B1F8 AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.) Device \FileSystem\Fastfat \FatCdrom 82F01500 AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.) Device \Driver\usbohci \Device\USBPDO-0 831751F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8335D1F8 Device \Driver\dmio \Device\DmControl\DmConfig 8335D1F8 Device \Driver\dmio \Device\DmControl\DmPnP 8335D1F8 Device \Driver\dmio \Device\DmControl\DmInfo 8335D1F8 Device \Driver\usbehci \Device\USBPDO-1 82F911F8 Device \Driver\usbohci \Device\USBPDO-2 831751F8 Device \Driver\usbohci \Device\USBPDO-3 831751F8 AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.) Device \Driver\PCI_PNP7036 \Device\00000049 spay.sys Device \Driver\PCI_PNP7036 \Device\00000049 spay.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 833DF1F8 Device \Driver\sptd \Device\116990786 spay.sys Device \Driver\Ftdisk \Device\HarddiskVolume2 833DF1F8 Device \Driver\Cdrom \Device\CdRom0 82FCC1F8 Device \Driver\atapi \Device\Ide\IdePort0 [F8635B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F8635B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F8635B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F8635B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F8635B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F8635B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume3 833DF1F8 Device \Driver\Cdrom \Device\CdRom1 82FCC1F8 Device \Driver\Cdrom \Device\CdRom2 82FCC1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 82ED2500 Device \Driver\NetBT \Device\NetbiosSmb 82ED2500 Device \Driver\NetBT \Device\NetBT_Tcpip_{C240DA82-8DD4-4C75-AC4A-0D5019843049} 82ED2500 AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.) Device \Driver\usbohci \Device\USBFDO-0 831751F8 Device \Driver\usbohci \Device\USBFDO-1 831751F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83026500 Device \Driver\usbohci \Device\USBFDO-2 831751F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 83026500 Device \Driver\usbehci \Device\USBFDO-3 82F911F8 Device \Driver\Ftdisk \Device\FtControl 833DF1F8 Device \Driver\a926h95k \Device\Scsi\a926h95k1Port3Path0Target0Lun0 82F871F8 Device \Driver\fasttx2k \Device\Scsi\fasttx2k1Port2Path0Target0Lun0 8335C1F8 Device \Driver\fasttx2k \Device\Scsi\fasttx2k1 8335C1F8 Device \Driver\a926h95k \Device\Scsi\a926h95k1 82F871F8 Device \FileSystem\Fastfat \Fat 82F01500 AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.) Device \FileSystem\Cdfs \Cdfs 82D8F1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0xB9 0x02 0xF3 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8C 0x59 0x39 0x40 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xBE 0xBE 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0xB9 0x02 0xF3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8C 0x59 0x39 0x40 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xBE 0xBE 0xB5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0xB9 0x02 0xF3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8C 0x59 0x39 0x40 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xBE 0xBE 0xB5 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0xB9 0x02 0xF3 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8C 0x59 0x39 0x40 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xBE 0xBE 0xB5 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0xB9 0x02 0xF3 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8C 0x59 0x39 0x40 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xBE 0xBE 0xB5 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0xB9 0x02 0xF3 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8C 0x59 0x39 0x40 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xBE 0xBE 0xB5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0xB9 0x02 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8C 0x59 0x39 0x40 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xBE 0xBE 0xB5 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0xB9 0x02 0xF3 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8C 0x59 0x39 0x40 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xBE 0xBE 0xB5 ... ---- EOF - GMER 1.0.15 ----