GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-01-03 17:30:52 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c ST340015A rev.3.01 Running: gmer.exe; Driver: C:\DOCUME~1\Ania\USTAWI~1\Temp\awxyypoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xF2C18CF0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xF2C18BAC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xF2C19160] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xF2C1908A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xF2C18782] SSDT sptd.sys ZwEnumerateKey [0xF7556FFE] SSDT sptd.sys ZwEnumerateValueKey [0xF755738C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xF2C18C86] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xF2C186C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xF2C18726] SSDT sptd.sys ZwQueryKey [0xF7557464] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xF2C18DA6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF2C1922E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xF2C18D66] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xF2C18EE6] INT 0x62 ? 837D9CC8 INT 0x63 ? 8352FCC8 INT 0x82 ? 837D9CC8 INT 0x94 ? 8352FCC8 INT 0xA4 ? 8352FCC8 INT 0xB4 ? 8352FCC8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF2C25BAE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xF2C259D2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xF2C25B0C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F2C22FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP F2C259D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC60 7 Bytes JMP F2C25BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F84D 5 Bytes JMP F2C215D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwLoadDriver 805A3AF1 7 Bytes JMP F2C25B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text sptd.sys F74E8000 32 Bytes [5E, 57, 6F, 80, 20, 07, 6F, ...] .text sptd.sys F74E8024 4 Bytes [74, AF, 4D, F7] .text sptd.sys F74E802C 424 Bytes [9E, 7A, 57, 80, 36, BD, 5D, ...] .text sptd.sys F74E81E4 4 Bytes [79, 62, 73, 4C] {JNS 0x64; JAE 0x50} .text sptd.sys F74E81EC 1 Byte [02] .text ... .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF75DFD38] ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload F71638AC 5 Bytes JMP 8352F1D8 ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1596] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2452] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 837DD308 IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F74E9574] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F74E90C0] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F74E9FE0] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74E90C0] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74E9362] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74E92A4] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74EA1BC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E9FE0] sptd.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8352F308 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74FE312] sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[784] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[784] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 837D81F8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbohci \Device\USBPDO-0 8352E1F8 Device \Driver\usbohci \Device\USBPDO-1 8352E1F8 Device \Driver\usbohci \Device\USBPDO-2 8352E1F8 Device \Driver\usbehci \Device\USBPDO-3 8350B1F8 Device \Driver\usbohci \Device\USBPDO-4 8352E1F8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\NetBT \Device\NetBT_Tcpip_{3FE437B6-6AF2-458B-B025-CAF49CBA1E85} 832B01F8 Device \Driver\Cdrom \Device\CdRom0 835AB1F8 Device \Driver\atapi \Device\Ide\IdePort0 [F743BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F743BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F743BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F743BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 832B01F8 Device \Driver\NetBT \Device\NetbiosSmb 832B01F8 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\NetBT \Device\NetBT_Tcpip_{5A9C5AA1-7BD7-49FE-B719-6E0D7C2184EB} 832B01F8 Device \Driver\usbohci \Device\USBFDO-0 8352E1F8 Device \Driver\usbohci \Device\USBFDO-1 8352E1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 831F71F8 Device \Driver\usbohci \Device\USBFDO-2 8352E1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 831F71F8 Device \Driver\usbehci \Device\USBFDO-3 8350B1F8 Device \Driver\usbohci \Device\USBFDO-4 8352E1F8 Device \FileSystem\Cdfs \Cdfs 835EB430 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1475245557 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -815862345 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3C 0x50 0x09 0x05 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3C 0x50 0x09 0x05 ... ---- EOF - GMER 1.0.15 ----