GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-11-16 15:24:02 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HTS543232L9A300 rev.FB4OC40C Running: 9md9m0d7.exe; Driver: C:\DOCUME~1\KRZY~1\USTAWI~1\Temp\pxtdqpoc.sys ---- System - GMER 1.0.15 ---- SSDT F7AEF11E ZwCreateKey SSDT F7AEF114 ZwCreateThread SSDT F7AEF123 ZwDeleteKey SSDT F7AEF12D ZwDeleteValueKey SSDT spbh.sys ZwEnumerateKey [0xF72ACDA4] SSDT spbh.sys ZwEnumerateValueKey [0xF72AD132] SSDT F7AEF14B ZwLoadDriver SSDT F7AEF132 ZwLoadKey SSDT spbh.sys ZwOpenKey [0xF72940C0] SSDT F7AEF100 ZwOpenProcess SSDT F7AEF105 ZwOpenThread SSDT spbh.sys ZwQueryKey [0xF72AD20A] SSDT spbh.sys ZwQueryValueKey [0xF72AD08A] SSDT F7AEF13C ZwReplaceKey SSDT F7AEF137 ZwRestoreKey SSDT F7AEF150 ZwSetSystemInformation SSDT F7AEF128 ZwSetValueKey SSDT F7AEF10F ZwTerminateProcess SSDT F7AEF10A ZwWriteVirtualMemory INT 0x62 ? 8A606BF8 INT 0x63 ? 8A33ABF8 INT 0x83 ? 8A606BF8 INT 0x94 ? 8A33ABF8 INT 0xB1 ? 8A678BF8 INT 0xB1 ? 8A678BF8 INT 0xB4 ? 8A33ABF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spbh.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF67A7000, 0x189F82, 0xE8000020] .text USBPORT.SYS!DllUnload F67638AC 5 Bytes JMP 8A33A1D8 .text a02icqa8.SYS F65AC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a02icqa8.SYS F65AC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a02icqa8.SYS F65AC3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text a02icqa8.SYS F65AC3C9 1 Byte [2E] .text a02icqa8.SYS F65AC3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...] .text ... .text aedu8bac.SYS F6408386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text aedu8bac.SYS F64083AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aedu8bac.SYS F64083C4 3 Bytes [00, 80, 02] .text aedu8bac.SYS F64083C9 1 Byte [30] .text aedu8bac.SYS F64083C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2476] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\KrzyŚ\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] spbh.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] spbh.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] spbh.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] spbh.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] spbh.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72A4B90] spbh.sys IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3 IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!KfLowerIrql] 8BEC8B55 IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!HalGetInterruptVector] 00C73445 IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!HalTranslateBusAddress] 00000000 IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74 IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!READ_PORT_USHORT] 57B80974 IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000 IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5 IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D IAT \SystemRoot\System32\Drivers\a02icqa8.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\aedu8bac.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) IAT C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2552] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [1000F312] C:\Program Files\Ant.com\IE add-on\AntLog.dll (BugTrap dynamic link library/IntelleSoft) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A6051F8 Device \FileSystem\Fastfat \FatCdrom 89E75500 Device \Driver\NetBT \Device\NetBT_Tcpip_{87401833-36B4-4476-940E-989270E7A1C0} 895321F8 AttachedDevice \Driver\Tcpip \Device\Ip avfwot.sys (TDI filtering kernel driver/Avira GmbH) Device \Driver\usbohci \Device\USBPDO-0 8A4341F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6761F8 Device \Driver\dmio \Device\DmControl\DmConfig 8A6761F8 Device \Driver\dmio \Device\DmControl\DmPnP 8A6761F8 Device \Driver\dmio \Device\DmControl\DmInfo 8A6761F8 Device \Driver\usbohci \Device\USBPDO-1 8A4341F8 Device \Driver\usbehci \Device\USBPDO-2 8A32E1F8 AttachedDevice \Driver\Tcpip \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH) Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6071F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6071F8 Device \Driver\Cdrom \Device\CdRom0 8A438500 Device \Driver\sptd \Device\208020418 spbh.sys Device \Driver\sptd \Device\207864168 spbh.sys Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6071F8 Device \Driver\Cdrom \Device\CdRom1 8A438500 Device \Driver\NetBT \Device\NetBT_Tcpip_{AFF7D317-D3E7-44D7-A8CD-6B7911B2F35A} 895321F8 Device \Driver\Cdrom \Device\CdRom2 8A438500 Device \Driver\NetBT \Device\NetBt_Wins_Export 895321F8 Device \Driver\NetBT \Device\NetbiosSmb 895321F8 Device \Driver\usbstor \Device\00000079 893881F8 Device \Driver\PCI_PNP6668 \Device\0000004c spbh.sys Device \Driver\PCI_PNP6668 \Device\0000004d spbh.sys AttachedDevice \Driver\Tcpip \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH) AttachedDevice \Driver\Tcpip \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH) Device \Driver\usbohci \Device\USBFDO-0 8A4341F8 Device \Driver\usbohci \Device\USBFDO-1 8A4341F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 895281F8 Device \Driver\usbehci \Device\USBFDO-2 8A32E1F8 Device \Driver\usbstor \Device\0000007c 893881F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 895281F8 Device \Driver\Ftdisk \Device\FtControl 8A6071F8 Device \Driver\aedu8bac \Device\Scsi\aedu8bac1Port3Path0Target0Lun0 8A2B71F8 Device \Driver\a02icqa8 \Device\Scsi\a02icqa81 8A40D498 Device \Driver\aedu8bac \Device\Scsi\aedu8bac1 8A2B71F8 Device \Driver\a02icqa8 \Device\Scsi\a02icqa81Port4Path0Target0Lun0 8A40D498 Device \FileSystem\Fastfat \Fat 89E75500 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 8A3221F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCA 0x0E 0x6A 0x10 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAE 0x01 0x98 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0xC9 0x5F 0xE5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9E 0xC1 0x5E 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1D 0x62 0x00 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC8 0x78 0x94 0xF6 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCA 0x0E 0x6A 0x10 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAE 0x01 0x98 0x4C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0xC9 0x5F 0xE5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x26 0x68 0x6B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1D 0x62 0x00 0x29 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC8 0x78 0x94 0xF6 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCA 0x0E 0x6A 0x10 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAE 0x01 0x98 0x4C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0xC9 0x5F 0xE5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9E 0xC1 0x5E 0xF8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1D 0x62 0x00 0x29 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC8 0x78 0x94 0xF6 ... ---- Files - GMER 1.0.15 ---- File C:\System Volume Information\_restore{C2955376-C97A-4EFB-8E3D-988010C05C26}\RP6\A0007451.ini 3566 bytes ---- EOF - GMER 1.0.15 ----