GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-16 13:33:57 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD161HJ rev.JF100-15 149,05GB Running: znmdppl3.exe; Driver: C:\DOCUME~1\COOLPI~1\USTAWI~1\Temp\fwwiraob.sys ---- System - GMER 2.1 ---- SSDT spxn.sys ZwCreateKey [0xF73C70E0] SSDT spxn.sys ZwEnumerateKey [0xF73E5CA2] SSDT spxn.sys ZwEnumerateValueKey [0xF73E6030] SSDT spxn.sys ZwOpenKey [0xF73C70C0] SSDT spxn.sys ZwQueryKey [0xF73E6108] SSDT spxn.sys ZwQueryValueKey [0xF73E5F88] SSDT spxn.sys ZwSetValueKey [0xF73E619A] INT 0x62 ? 86B69BF8 INT 0x63 ? 869FCBF8 INT 0x73 ? 869FCBF8 INT 0x82 ? 86B69BF8 INT 0x83 ? 869FCBF8 INT 0xB4 ? 869FCBF8 ---- Kernel code sections - GMER 2.1 ---- ? spxn.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, E0, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, E3, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, E0, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, E1, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9158FA .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, E2, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, E1, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, E2, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91596B .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, E0, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915A99 .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, E1, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, E2, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, E3, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[464] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 54, 08, 01] {SUB [EAX+ECX+0x1], DL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 57, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 54, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 55, 08, 01] {TEST AL, 0x55; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DE6E .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 56, 08, 01] {TEST AL, 0x56; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 55, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 56, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DEDF .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 54, 08, 01] {TEST AL, 0x54; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91E00D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 55, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 56, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 57, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B0, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B3, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B0, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B1, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ECCA .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B2, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B1, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B2, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED3B .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B0, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EE69 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B1, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B2, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B3, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2028] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 30, A8, 00] {SUB [EAX], DH; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 33, A8, 00] {SUB [EBX], DH; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 30, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 31, A8, 00] {TEST AL, 0x31; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917E4A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 32, A8, 00] {TEST AL, 0x32; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 31, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 32, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917EBB .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 30, A8, 00] {TEST AL, 0x30; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917FE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 31, A8, 00] {SUB [ECX], DH; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 32, A8, 00] {SUB [EDX], DH; TEST AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 33, A8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 86B681F8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{0363940E-20FC-4F03-B585-F6531DF5DDF8} 86819500 Device \Driver\PCI_PNP7856 \Device\00000041 spxn.sys Device \Driver\PCI_PNP7856 \Device\00000041 spxn.sys Device \Driver\usbuhci \Device\USBPDO-0 869FB1F8 Device \Driver\usbuhci \Device\USBPDO-1 869FB1F8 Device \Driver\usbuhci \Device\USBPDO-2 869FB1F8 Device \Driver\usbuhci \Device\USBPDO-3 869FB1F8 Device \Driver\usbehci \Device\USBPDO-4 869CD1F8 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys Device \Driver\sptd \Device\3162925356 spxn.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 86BDA1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 86BDA1F8 Device \Driver\Cdrom \Device\CdRom0 86A09500 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7340B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F7340B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7340B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7340B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 86819500 Device \Driver\NetBT \Device\NetbiosSmb 86819500 Device \Driver\usbuhci \Device\USBFDO-0 869FB1F8 Device \Driver\usbuhci \Device\USBFDO-1 869FB1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86824500 Device \Driver\usbuhci \Device\USBFDO-2 869FB1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 86824500 Device \Driver\usbuhci \Device\USBFDO-3 869FB1F8 Device \Driver\usbehci \Device\USBFDO-4 869CD1F8 Device \Driver\Ftdisk \Device\FtControl 86BDA1F8 Device \Driver\a5wtg6lp \Device\Scsi\a5wtg6lp1 869A91F8 Device \FileSystem\Cdfs \Cdfs 869701F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spxn.sys >>UNKNOWN [0x86b89938]<< 86b89938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b4cab8] 86b4cab8 Trace 3 CLASSPNP.SYS[f7607fd7] -> nt!IofCallDriver -> \Device\0000005d[0x86b3e9e8] 86b3e9e8 Trace 5 ACPI.sys[f7385620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b3f940] 86b3f940 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7B 0x35 0xFB 0x38 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7B 0x35 0xFB 0x38 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... ---- Files - GMER 2.1 ---- File C:\WINDOWS\LastGood 0 bytes File C:\WINDOWS\LastGood\INF 0 bytes File C:\WINDOWS\LastGood\INF\oem29.inf 0 bytes File C:\WINDOWS\LastGood\INF\oem29.PNF 0 bytes ---- EOF - GMER 2.1 ----