GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-15 18:44:38 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0 Running: 4w9vm9x9.exe; Driver: C:\Users\ANGELA~1\AppData\Local\Temp\pwddykoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90C6D536] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90F1B7BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90C6DF52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90C78D7A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90C78DC6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90C78F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90C78CE8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90F1BBAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90C78D30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90C6E146] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90C78F02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90C6E8CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90C6D584] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwFreeVirtualMemory [0x90F1B89E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90C6D1EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90C6D5D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90C722A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90C6F292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90C78DA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90C78DE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90C78F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90C78D0E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90C78E8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90C78D58] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90C78F26] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90F1BA1E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90C6F15E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x90C6ED08] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90C6D620] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90C6D66E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90C6E74A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90C6D276] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90C6D426] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90C6D3CC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90C6EA2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90C6EB88] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90C6D496] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90F1BAE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90C6E5CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90C6D6BC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90F1B954] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90C6E2CE] INT 0x72 ? 87C96CC8 INT 0x82 ? 87C96CC8 INT 0x92 ? 87C96CC8 INT 0xA2 ? 85FB8CC8 INT 0xA2 ? 87C96CC8 INT 0xA2 ? 87C96CC8 INT 0xA2 ? 87C96CC8 INT 0xA2 ? 85FB8CC8 INT 0xB1 ? 85FB2CC8 INT 0xB1 ? 85FB2CC8 INT 0xB2 ? 87C96CC8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90F33744] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 2FD 82CB4934 4 Bytes [36, D5, C6, 90] .text ntoskrnl.exe!KeInsertQueue + 321 82CB4958 4 Bytes [BA, B7, F1, 90] .text ntoskrnl.exe!KeInsertQueue + 381 82CB49B8 4 Bytes [52, DF, C6, 90] .text ntoskrnl.exe!KeInsertQueue + 3C1 82CB49F8 8 Bytes [7A, 8D, C7, 90, C6, 8D, C7, ...] .text ntoskrnl.exe!KeInsertQueue + 3CD 82CB4A04 4 Bytes [48, 8F, C7, 90] {DEC EAX; POP EDI; NOP } .text ... PAGE ntoskrnl.exe!ObMakeTemporaryObject 82DEAE46 5 Bytes JMP 90F3061C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 82E3454F 4 Bytes CALL 90C6F959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ObInsertObject 82E38A1C 5 Bytes JMP 90F320FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 82E62017 4 Bytes CALL 90C6F96F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 82ECFEC6 7 Bytes JMP 90F33748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text sptd.sys 8AE45000 32 Bytes [06, 11, C2, 82, 60, 7F, C1, ...] .text sptd.sys 8AE45024 4 Bytes [D2, 43, F7, 8A] .text sptd.sys 8AE4502C 120 Bytes [12, 93, E4, 82, E2, DB, DE, ...] .text sptd.sys 8AE450A5 228 Bytes [E6, C8, 82, DA, 74, D2, 82, ...] .text sptd.sys 8AE4518A 74 Bytes [C9, 82, 50, F1, CA, 82, B5, ...] .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8AF3CD38] ? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. 
.text USBPORT.SYS!DllUnload 9020741B 5 Bytes JMP 87C961D8 ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\System32\spoolsv.exe[124] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\system32\svchost.exe[316] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[364] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\system32\csrss.exe[652] KERNEL32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\system32\wininit.exe[696] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text ... .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1688] kernel32.dll!SetUnhandledExceptionFilter 76E4A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1688] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\system32\WLANExt.exe[1696] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1836] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[1852] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[1872] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text ... 
.text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] ntdll.dll!LdrLoadDll 77329378 5 Bytes JMP 000E01F8 .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] ntdll.dll!LdrUnloadDll 7733B680 5 Bytes JMP 000E03FC .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] USER32.dll!SetWindowsHookExA 75C16322 5 Bytes JMP 00100600 .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] USER32.dll!SetWindowsHookExW 75C187AD 5 Bytes JMP 00100804 .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] USER32.dll!UnhookWindowsHookEx 75C198DB 5 Bytes JMP 00100A08 .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] USER32.dll!SetWinEventHook 75C19F3A 5 Bytes JMP 001001F8 .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] USER32.dll!UnhookWinEvent 75C1C06F 5 Bytes JMP 001003FC .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] ADVAPI32.dll!CreateServiceW 76B29EB4 5 Bytes JMP 001103FC .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] ADVAPI32.dll!DeleteService 76B2A07E 5 Bytes JMP 00110600 .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] ADVAPI32.dll!SetServiceObjectSecurity 76B66CD9 5 Bytes JMP 00111014 .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] ADVAPI32.dll!ChangeServiceConfigA 76B66DD9 5 Bytes JMP 00110804 .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] ADVAPI32.dll!ChangeServiceConfigW 76B66F81 5 Bytes JMP 00110A08 .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] ADVAPI32.dll!ChangeServiceConfig2A 76B67099 5 Bytes JMP 00110C0C .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] ADVAPI32.dll!ChangeServiceConfig2W 76B671E1 5 
Bytes JMP 00110E10 .text C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe[2052] ADVAPI32.dll!CreateServiceA 76B672A1 5 Bytes JMP 001101F8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2100] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2112] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2136] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2232] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2276] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text ... .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ntdll.dll!LdrLoadDll 77329378 5 Bytes JMP 001501F8 .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ntdll.dll!LdrUnloadDll 7733B680 5 Bytes JMP 001503FC .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ADVAPI32.dll!CreateServiceW 76B29EB4 5 Bytes JMP 003703FC .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ADVAPI32.dll!DeleteService 76B2A07E 5 Bytes JMP 00370600 .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ADVAPI32.dll!SetServiceObjectSecurity 76B66CD9 5 Bytes JMP 00371014 .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 76B66DD9 5 Bytes JMP 00370804 .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 76B66F81 5 Bytes JMP 00370A08 .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ADVAPI32.dll!ChangeServiceConfig2A 76B67099 5 Bytes JMP 00370C0C .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W 76B671E1 3 Bytes JMP 00370E10 .text 
C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W + 4 76B671E5 1 Byte [89] .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] ADVAPI32.dll!CreateServiceA 76B672A1 5 Bytes JMP 003701F8 .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] USER32.dll!SetWindowsHookExA 75C16322 5 Bytes JMP 00380600 .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] USER32.dll!SetWindowsHookExW 75C187AD 5 Bytes JMP 00380804 .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] USER32.dll!UnhookWindowsHookEx 75C198DB 5 Bytes JMP 00380A08 .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] USER32.dll!SetWinEventHook 75C19F3A 5 Bytes JMP 003801F8 .text C:\Users\angela_koper470\Desktop\4w9vm9x9.exe[2476] USER32.dll!UnhookWinEvent 75C1C06F 5 Bytes JMP 003803FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2480] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2580] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2600] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2616] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\System32\svchost.exe[2660] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text ... 
.text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] ntdll.dll!LdrLoadDll 77329378 5 Bytes JMP 000501F8 .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] ntdll.dll!LdrUnloadDll 7733B680 5 Bytes JMP 000503FC .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] USER32.dll!SetWindowsHookExA 75C16322 5 Bytes JMP 000A0600 .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] USER32.dll!SetWindowsHookExW 75C187AD 5 Bytes JMP 000A0804 .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] USER32.dll!UnhookWindowsHookEx 75C198DB 5 Bytes JMP 000A0A08 .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] USER32.dll!SetWinEventHook 75C19F3A 5 Bytes JMP 000A01F8 .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] USER32.dll!UnhookWinEvent 75C1C06F 5 Bytes JMP 000A03FC .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] ADVAPI32.dll!CreateServiceW 76B29EB4 5 Bytes JMP 000B03FC .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] ADVAPI32.dll!DeleteService 76B2A07E 5 Bytes JMP 000B0600 .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] ADVAPI32.dll!SetServiceObjectSecurity 76B66CD9 5 Bytes JMP 000B1014 .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] ADVAPI32.dll!ChangeServiceConfigA 76B66DD9 5 Bytes JMP 000B0804 .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] ADVAPI32.dll!ChangeServiceConfigW 76B66F81 5 Bytes JMP 000B0A08 .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] ADVAPI32.dll!ChangeServiceConfig2A 76B67099 5 Bytes JMP 000B0C0C .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] ADVAPI32.dll!ChangeServiceConfig2W 76B671E1 5 Bytes JMP 000B0E10 .text C:\Program 
Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3432] ADVAPI32.dll!CreateServiceA 76B672A1 5 Bytes JMP 000B01F8 .text C:\Windows\RtHDVCpl.exe[3600] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3620] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3636] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3660] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] ntdll.dll!LdrLoadDll 77329378 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] ntdll.dll!LdrUnloadDll 7733B680 5 Bytes JMP 000903FC .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] ADVAPI32.dll!CreateServiceW 76B29EB4 5 Bytes JMP 000B03FC .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] ADVAPI32.dll!DeleteService 76B2A07E 5 Bytes JMP 000B0600 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] ADVAPI32.dll!SetServiceObjectSecurity 76B66CD9 5 Bytes JMP 000B1014 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] ADVAPI32.dll!ChangeServiceConfigA 76B66DD9 5 Bytes JMP 000B0804 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] ADVAPI32.dll!ChangeServiceConfigW 76B66F81 5 Bytes JMP 000B0A08 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] ADVAPI32.dll!ChangeServiceConfig2A 76B67099 5 Bytes JMP 000B0C0C .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] ADVAPI32.dll!ChangeServiceConfig2W 76B671E1 5 Bytes JMP 000B0E10 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] ADVAPI32.dll!CreateServiceA 76B672A1 5 Bytes JMP 000B01F8 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] 
USER32.dll!SetWindowsHookExA 75C16322 5 Bytes JMP 000C0600 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] USER32.dll!SetWindowsHookExW 75C187AD 5 Bytes JMP 000C0804 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] USER32.dll!UnhookWindowsHookEx 75C198DB 5 Bytes JMP 000C0A08 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] USER32.dll!SetWinEventHook 75C19F3A 5 Bytes JMP 000C01F8 .text C:\Program Files\Windows Media Player\wmplayer.exe[3724] USER32.dll!UnhookWinEvent 75C1C06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\igfxsrvc.exe[3768] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[3908] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[3916] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3924] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3932] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text ... 
.text C:\Program Files\Gadu-Gadu 10\gg.exe[4016] USER32.dll!EndPaint 75C2A28F 5 Bytes JMP 106E37A0 C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll .text C:\Program Files\Gadu-Gadu 10\gg.exe[4016] USER32.dll!BeginPaint 75C2A2A3 5 Bytes JMP 106E3730 C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4032] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4032] USER32.dll!InSendMessageEx + 4C9 75C1E7C8 7 Bytes JMP 10053940 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4032] USER32.dll!CreateIconFromResourceEx + 340 75C20E45 7 Bytes JMP 100537F0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4032] USER32.dll!DdeQueryStringW + 5CE 75C3FA2D 7 Bytes JMP 10053920 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4032] USER32.dll!MessageBoxIndirectA + F5 75C6D5CE 7 Bytes JMP 10053990 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4032] USER32.dll!MessageBoxIndirectW + 61 75C6D634 7 Bytes JMP 10053A60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4032] USER32.dll!MessageBoxExA + 1F 75C6D658 7 Bytes JMP 10053A10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Skype\Phone\Skype.exe[4040] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] ntdll.dll!LdrLoadDll 77329378 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] ntdll.dll!LdrUnloadDll 7733B680 5 Bytes JMP 
001503FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] USER32.dll!SetWindowsHookExA 75C16322 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] USER32.dll!SetWindowsHookExW 75C187AD 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] USER32.dll!UnhookWindowsHookEx 75C198DB 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] USER32.dll!SetWinEventHook 75C19F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] USER32.dll!UnhookWinEvent 75C1C06F 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] ADVAPI32.dll!CreateServiceW 76B29EB4 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] ADVAPI32.dll!DeleteService 76B2A07E 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] ADVAPI32.dll!SetServiceObjectSecurity 76B66CD9 5 Bytes JMP 00181014 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] ADVAPI32.dll!ChangeServiceConfigA 76B66DD9 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] ADVAPI32.dll!ChangeServiceConfigW 76B66F81 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] ADVAPI32.dll!ChangeServiceConfig2A 76B67099 5 Bytes JMP 00180C0C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] ADVAPI32.dll!ChangeServiceConfig2W 76B671E1 5 Bytes JMP 00180E10 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4268] ADVAPI32.dll!CreateServiceA 76B672A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[4560] ntdll.dll!LdrLoadDll 77329378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[4560] ntdll.dll!LdrUnloadDll 7733B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[4560] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] 
.text C:\Windows\system32\svchost.exe[4560] ADVAPI32.dll!CreateServiceW 76B29EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[4560] ADVAPI32.dll!DeleteService 76B2A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[4560] ADVAPI32.dll!SetServiceObjectSecurity 76B66CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[4560] ADVAPI32.dll!ChangeServiceConfigA 76B66DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[4560] ADVAPI32.dll!ChangeServiceConfigW 76B66F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[4560] ADVAPI32.dll!ChangeServiceConfig2A 76B67099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[4560] ADVAPI32.dll!ChangeServiceConfig2W 76B671E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[4560] ADVAPI32.dll!CreateServiceA 76B672A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\wuauclt.exe[4968] ntdll.dll!LdrLoadDll 77329378 5 Bytes JMP 000601F8 .text C:\Windows\system32\wuauclt.exe[4968] ntdll.dll!LdrUnloadDll 7733B680 5 Bytes JMP 000603FC .text C:\Windows\system32\wuauclt.exe[4968] kernel32.dll!GetBinaryTypeW + 70 76E72467 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[4968] USER32.dll!SetWindowsHookExA 75C16322 5 Bytes JMP 00070600 .text C:\Windows\system32\wuauclt.exe[4968] USER32.dll!SetWindowsHookExW 75C187AD 5 Bytes JMP 00070804 .text C:\Windows\system32\wuauclt.exe[4968] USER32.dll!UnhookWindowsHookEx 75C198DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\wuauclt.exe[4968] USER32.dll!SetWinEventHook 75C19F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\wuauclt.exe[4968] USER32.dll!UnhookWinEvent 75C1C06F 5 Bytes JMP 000703FC .text C:\Windows\system32\wuauclt.exe[4968] ADVAPI32.dll!CreateServiceW 76B29EB4 5 Bytes JMP 000903FC .text C:\Windows\system32\wuauclt.exe[4968] ADVAPI32.dll!DeleteService 76B2A07E 5 Bytes JMP 00090600 .text C:\Windows\system32\wuauclt.exe[4968] ADVAPI32.dll!SetServiceObjectSecurity 76B66CD9 5 Bytes JMP 00091014 .text 
C:\Windows\system32\wuauclt.exe[4968] ADVAPI32.dll!ChangeServiceConfigA 76B66DD9 5 Bytes JMP 00090804 .text C:\Windows\system32\wuauclt.exe[4968] ADVAPI32.dll!ChangeServiceConfigW 76B66F81 5 Bytes JMP 00090A08 .text C:\Windows\system32\wuauclt.exe[4968] ADVAPI32.dll!ChangeServiceConfig2A 76B67099 5 Bytes JMP 00090C0C .text C:\Windows\system32\wuauclt.exe[4968] ADVAPI32.dll!ChangeServiceConfig2W 76B671E1 5 Bytes JMP 00090E10 .text C:\Windows\system32\wuauclt.exe[4968] ADVAPI32.dll!CreateServiceA 76B672A1 5 Bytes JMP 000901F8 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 85FB2308 IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8AE46FE0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8AE46574] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8AE460C0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8AE471BC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8AE462A4] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8AE46362] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 85FB3308 IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 87C96308 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8AE5B312] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 87D34308 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[744] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00120002 IAT C:\Windows\system32\services.exe[744] @ 
C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00120000 IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7352F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74427817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7446B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7442BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7441F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7441E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744573F5] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7442DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7441FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7441FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [744ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7444C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7441D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74416853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7441687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74422AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 85FBA1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{F57F73DF-3822-4BE2-B388-466CCFDD3613} 884961F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
Device \Driver\PCI_PNP6195 \Device\00000050 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-0 87CD91F8
Device \Driver\usbuhci \Device\USBPDO-1 87CD91F8
Device \Driver\usbuhci \Device\USBPDO-2 87CD91F8
Device \Driver\usbehci \Device\USBPDO-3 87CDA1F8
Device \Driver\usbuhci \Device\USBPDO-4 87CD91F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-5 87CD91F8
Device \Driver\usbuhci \Device\USBPDO-6 87CD91F8
Device \Driver\usbehci \Device\USBPDO-7 87CDA1F8
Device \Driver\cdrom \Device\CdRom0 87D2C1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8B0D4860] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B0D4860] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B0D4860] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 87D2C1F8
Device \Driver\cdrom \Device\CdRom2 87D2C1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 884961F8
Device \Driver\Smb \Device\NetbiosSmb 883C21F8
Device \Driver\PCI_PNP6195 \Device\0000004f sptd.sys
Device \Driver\iScsiPrt \Device\RaidPort0 87D2E1F8
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 87CD91F8
Device \Driver\USBSTOR \Device\0000006c 885821F8
Device \Driver\USBSTOR \Device\0000006d 885821F8
Device \Driver\usbuhci \Device\USBFDO-1 87CD91F8
Device \Driver\usbuhci \Device\USBFDO-2 87CD91F8
Device \Driver\usbehci \Device\USBFDO-3 87CDA1F8
Device \Driver\usbuhci \Device\USBFDO-4 87CD91F8
Device \Driver\usbuhci \Device\USBFDO-5 87CD91F8
Device \Driver\usbuhci \Device\USBFDO-6 87CD91F8
Device \Driver\netbt \Device\NetBT_Tcpip_{7CAA2A9E-77BD-4A95-8411-A47CB26719F4} 884961F8
Device \Driver\usbehci \Device\USBFDO-7 87CDA1F8
Device \Driver\a2dcbuyi \Device\Scsi\a2dcbuyi1Port3Path0Target0Lun0 87D2A1F8
Device \Driver\afcw1bfg \Device\Scsi\afcw1bfg1Port2Path0Target0Lun0 87D0B1F8
Device \Driver\afcw1bfg \Device\Scsi\afcw1bfg1 87D0B1F8
Device \Driver\a2dcbuyi \Device\Scsi\a2dcbuyi1 87D2A1F8
Device \FileSystem\cdfs \Cdfs 892811F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5A 0x1A 0x31 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAC 0x4E 0x40 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xAB 0x5F 0xA7 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0xE8 0x53 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x09 0x21 0x13 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0x5B 0x73 0xC6 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5A 0x1A 0x31 0x1F ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAC 0x4E 0x40 0x66 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xAB 0x5F 0xA7 0x42 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0xE8 0x53 0xDE ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x09 0x21 0x13 0x12 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0x5B 0x73 0xC6 ...

---- EOF - GMER 1.0.15 ----