GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-06 20:37:50 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 SAMSUNG_HD322HJ rev.1AC01109 Running: 879bfyhv.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\uxtdypow.sys ---- System - GMER 1.0.15 ---- SSDT spkz.sys ZwCreateKey [0xF769C0E0] SSDT spkz.sys ZwEnumerateKey [0xF76B4DA4] SSDT spkz.sys ZwEnumerateValueKey [0xF76B5132] SSDT spkz.sys ZwOpenKey [0xF769C0C0] SSDT spkz.sys ZwQueryKey [0xF76B520A] SSDT spkz.sys ZwQueryValueKey [0xF76B508A] SSDT spkz.sys ZwSetValueKey [0xF76B529C] INT 0x62 ? 873D8BF8 INT 0x73 ? 873D8BF8 INT 0x73 ? 873D8BF8 INT 0x73 ? 8710CF00 INT 0x73 ? 8710CF00 INT 0x73 ? 873D8BF8 INT 0x82 ? 873D8BF8 INT 0x94 ? 8710CF00 INT 0xA4 ? 8710CF00 ---- Kernel code sections - GMER 1.0.15 ---- ? spkz.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF62DA000, 0x1C5D38, 0xE8000020] .text USBPORT.SYS!DllUnload F62968AC 5 Bytes JMP 8710C4E0 .text a3i3d95f.SYS F3BC5386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a3i3d95f.SYS F3BC53AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a3i3d95f.SYS F3BC53C4 3 Bytes [00, 80, 02] .text a3i3d95f.SYS F3BC53C9 1 Byte [30] .text a3i3d95f.SYS F3BC53C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... .text C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl section is writeable [0xA99EB000, 0x2892, 0xE8000020] .vmp2 C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl entry point in ".vmp2" section [0xA9A0E050] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\notepad.exe[172] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [68, 39, 12] .text C:\WINDOWS\notepad.exe[172] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\notepad.exe[176] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [68, 39, 12] .text C:\WINDOWS\notepad.exe[176] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\system32\ctfmon.exe[272] ntdll.dll!NtEnumerateValueKey 7C90D2EE 4 Bytes [68, 39, 12, C3] .text ... .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[364] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] .text C:\WINDOWS\system32\calc.exe[376] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [68, 39, 12] .text C:\WINDOWS\system32\calc.exe[376] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [10, C3] {ADC BL, AL} .text C:\Documents and Settings\Administrator\Pulpit\879bfyhv.exe[660] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [68, 39, 12] .text C:\Documents and Settings\Administrator\Pulpit\879bfyhv.exe[660] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [10, C3] {ADC BL, AL} .text C:\WINDOWS\Explorer.EXE[1344] ntdll.dll!NtEnumerateValueKey 7C90D2EE 6 Bytes PUSH 023F1239; RET D:\Program Files\HTV\HTV.007 .text ... .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10693206 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 106931A6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Documents and Settings\Administrator\Pulpit\OTL.exe[3904] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [68, 39, 12] .text C:\Documents and Settings\Administrator\Pulpit\OTL.exe[3904] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [10, C3] {ADC BL, AL} ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8736A2D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76C7DDC] spkz.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76C7E30] spkz.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F769D042] spkz.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F769D13E] spkz.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F769D0C0] spkz.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F769D800] spkz.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F769D6D6] spkz.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8710C5E0 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!swprintf] 001CBA86 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IofCallDriver] 001CC186 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!sprintf] 968D5140 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoStartTimer] 000022C0 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!ZwCreateKey] C6000000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoStartPacket] 538B0000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoFreeMdl] E8500000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmUnlockPages] 00002280 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeSetTimer] [F6317300] \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!_allmul] 74070647 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!_except_handler3] 05578A0B IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!_aulldiv] 03087408 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!strstr] 72F93B3F IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!_strupr] 8A09EBDA IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!KeTickCount] 88084B8A IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!memmove] 18C48300 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\a3i3d95f.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 873D71F8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software) Device \Driver\usbuhci \Device\USBPDO-0 871E4500 Device \Driver\dmio \Device\DmControl\DmIoDaemon 873681F8 Device \Driver\dmio \Device\DmControl\DmConfig 873681F8 Device \Driver\dmio \Device\DmControl\DmPnP 873681F8 Device \Driver\dmio \Device\DmControl\DmInfo 873681F8 Device \Driver\usbuhci \Device\USBPDO-1 871E4500 Device \Driver\usbuhci \Device\USBPDO-2 871E4500 Device \Driver\usbuhci \Device\USBPDO-3 871E4500 Device \Driver\usbehci \Device\USBPDO-4 871A61F8 AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software) Device \Driver\PCI_PNP2862 \Device\00000049 spkz.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 873D91F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 873D91F8 Device \Driver\Cdrom \Device\CdRom0 870E41F8 Device \Driver\atapi \Device\Ide\IdePort0 [F75EFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F75EFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [F75EFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [F75EFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [F75EFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F75EFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume3 873D91F8 Device \Driver\Cdrom \Device\CdRom1 870E41F8 Device \Driver\Ftdisk \Device\HarddiskVolume4 873D91F8 Device \Driver\usbstor \Device\00000080 86B87500 Device \Driver\Cdrom \Device\CdRom2 870E41F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{4C0CB4C6-D458-4D58-BF40-430C218DBBD6} 86AD91F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86AD91F8 Device \Driver\NetBT \Device\NetbiosSmb 86AD91F8 AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software) AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software) Device \Driver\sptd \Device\225177862 spkz.sys Device \Driver\usbuhci \Device\USBFDO-0 871E4500 Device \Driver\usbuhci \Device\USBFDO-1 871E4500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86AD21F8 Device \Driver\usbuhci \Device\USBFDO-2 871E4500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 86AD21F8 Device \Driver\usbstor \Device\0000007c 86B87500 Device \Driver\usbuhci \Device\USBFDO-3 871E4500 Device \Driver\usbstor \Device\0000007d 86B87500 Device \Driver\usbehci \Device\USBFDO-4 871A61F8 Device \Driver\Ftdisk \Device\FtControl 873D91F8 Device \Driver\usbstor \Device\0000007e 86B87500 Device \Driver\usbstor \Device\0000007f 86B87500 Device \Driver\a3i3d95f \Device\Scsi\a3i3d95f1Port4Path0Target0Lun0 870D6500 Device \Driver\a3i3d95f \Device\Scsi\a3i3d95f1 870D6500 Device \Driver\a3i3d95f \Device\Scsi\a3i3d95f1Port4Path0Target1Lun0 870D6500 Device \FileSystem\Cdfs \Cdfs 86A89500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0xC0 0xE1 0xC3 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7C 0x7A 0x44 0x24 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBE 0x78 0x9D 0x07 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x11 0x20 0xD5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF1 0x0F 0xB8 0x57 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0xA0 0xE8 0x73 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6F 0xDE 0x4C 0x95 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x11 0x20 0xD5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF1 0x0F 0xB8 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0xA0 0xE8 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6F 0xDE 0x4C 0x95 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x11 0x20 0xD5 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF1 0x0F 0xB8 0x57 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0xA0 0xE8 0x73 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6F 0xDE 0x4C 0x95 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@HTV Agent D:\Program Files\HTV\HTV.exe ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 MBR read error Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0 ---- EOF - GMER 1.0.15 ----