GMER Logfile:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-02 16:52:53
Windows 6.1.7600
Running: mcc457gv.exe; Driver: C:\Users\PC\AppData\Local\Temp\pxldapoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwAlpcSendWaitReceivePort [0x8DA1DF36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEvent [0x8DA1D8FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEventPair [0x8DA1D954]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateIoCompletion [0x8DA1DA6A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateMutant [0x8DA1D852]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSection [0x8DA1D9A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSemaphore [0x8DA1D8A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateTimer [0x8DA1DA18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwLoadDriver [0x8DA1BD0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEvent [0x8DA1D92C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEventPair [0x8DA1D97C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenIoCompletion [0x8DA1DA94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenMutant [0x8DA1D87E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSection [0x8DA1D9E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSemaphore [0x8DA1D8D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenTimer [0x8DA1DA42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryObject [0x8DA1C832]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePort [0x8DA1E310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePortEx [0x8DA1DF0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetSystemInformation [0x8DA1BD66]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwShutdownSystem [0x8DA1BE76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSystemDebugControl [0x8DA1BE88]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83036AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83036104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830363F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301F2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830361DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83036958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830366F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83036F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830371A8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8E32CAC6]
Code 87FFFC4C ZwTraceEvent
Code 87FFFC4B NtTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!NtTraceEvent 82C3EE34 5 Bytes JMP 87FFFC50
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C4F599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C73F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 82C7B79C 4 Bytes [36, DF, A1, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82C7B800 8 Bytes [FC, D8, A1, 8D, 54, D9, A1, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82C7B80C 4 Bytes [6A, DA, A1, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82C7B828 4 Bytes [52, D8, A1, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82C7B850 8 Bytes [A4, D9, A1, 8D, A6, D8, A1, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E14FA7 5 Bytes JMP 8E328536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E2ECA7 5 Bytes JMP 8E329F28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 82E82B0D 5 Bytes JMP 87FFFD90
PAGE ntkrnlpa.exe!NtRequestPort + 2 82E96D73 5 Bytes JMP 87FFFCF0
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EE6EAA 7 Bytes JMP 8E32CACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? System32\Drivers\spnq.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\brmrhle.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
.rsrc C:\Windows\System32\drivers\partmgr.sys entry point in ".rsrc" section [0x88959014]
.text USBPORT.SYS!DllUnload 8E430CA0 5 Bytes JMP 864491D8
.text aqnaozqf.SYS 8E514000 12 Bytes [44, 18, 02, 83, EE, 16, 02, ...] {INC ESP; SBB [EDX], AL; SUB ESI, 0x16; ADD AL, [EBX-0x7cfe0860]}
.text aqnaozqf.SYS 8E51400D 9 Bytes [F7, 01, 83, 48, 1B, 02, 83, ...] {TEST DWORD [ECX], 0x21b4883; ADD DWORD [EAX], 0x0}
.text aqnaozqf.SYS 8E514017 170 Bytes [00, DE, 77, 72, 88, E6, 75, ...]
.text aqnaozqf.SYS 8E5140C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text aqnaozqf.SYS 8E5140CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text an516imt.SYS 8E54B000 12 Bytes [44, 18, 02, 83, EE, 16, 02, ...] {INC ESP; SBB [EDX], AL; SUB ESI, 0x16; ADD AL, [EBX-0x7cfe0860]}
.text an516imt.SYS 8E54B00D 9 Bytes [F7, 01, 83, 48, 1B, 02, 83, ...] {TEST DWORD [ECX], 0x21b4883; ADD DWORD [EAX], 0x0}
.text an516imt.SYS 8E54B017 170 Bytes [00, DE, 77, 72, 88, E6, 75, ...]
.text an516imt.SYS 8E54B0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text an516imt.SYS 8E54B0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys A58EFC9D 28 Bytes [8F, 81, D3, AF, 1E, 3E, 92, ...]
.text peauth.sys A58EFCC1 28 Bytes [8F, 81, D3, AF, 1E, 3E, 92, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A46F3000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A46F3123 629 Bytes [E5, 6E, A4, FE, 05, 34, E5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A46F3399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A46F33FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A46F34AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtProtectVirtualMemory 77335360 5 Bytes JMP 0017000A
.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtWriteVirtualMemory 77335EE0 5 Bytes JMP 0018000A
.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!KiUserExceptionDispatcher 77336448 5 Bytes JMP 0016000A
.text C:\Windows\system32\svchost.exe[1076] ole32.dll!CoCreateInstance 763E57FC 5 Bytes JMP 004C000A
.text C:\Windows\system32\svchost.exe[1076] USER32.dll!GetCursorPos 76D3C198 5 Bytes JMP 009E000A
.text C:\Windows\Explorer.EXE[4684] ntdll.dll!NtProtectVirtualMemory 77335360 5 Bytes JMP 005E000A
.text C:\Windows\Explorer.EXE[4684] ntdll.dll!NtWriteVirtualMemory 77335EE0 5 Bytes JMP 005F000A
.text C:\Windows\Explorer.EXE[4684] ntdll.dll!KiUserExceptionDispatcher 77336448 5 Bytes JMP 0059000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8862B042] \SystemRoot\System32\Drivers\spnq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8862B6D6] \SystemRoot\System32\Drivers\spnq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8862B800] \SystemRoot\System32\Drivers\spnq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8862B13E] \SystemRoot\System32\Drivers\spnq.sys
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortNotification] 000003E3
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortQuerySystemTime] 8B24568B
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortReadPortUchar] 50522046
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortStallExecution] FFEC9FE8
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortWritePortUchar] 08C483FF
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortWritePortUlong] 0874FF85
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortGetPhysicalAddress] FF53006A
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 08C483D7
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortGetScatterGatherList] 81107D8B
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortGetParentBusType] 0003E5FF
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortRequestCallback] 0F840F00
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 81000001
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0003E3FF
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortCompleteRequest] EC840F00
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortCopyMemory] 8B000000
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortEtwTraceLog] 0001F88E
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] FC8E0B00
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0F000001
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 0000DA84
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortReadPortBufferUshort] ECD8E800
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortInitialize] 8E8BFFFF
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortGetDeviceBase] 000001F8
IAT \SystemRoot\System32\Drivers\aqnaozqf.SYS[ataport.SYS!AtaPortDeviceStateChange] 01E08E01
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\an516imt.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
---- User IAT/EAT - GMER 1.0.15 ----
IAT c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2260] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2260] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW] [6FEBB0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8610B0E8
Device \FileSystem\Ntfs \Ntfs 84F371F8
Device \Driver\sptd \Device\2455872160 spnq.sys
Device \Driver\volmgr \Device\VolMgrControl 84F331F8
Device \Driver\usbohci \Device\USBPDO-0 8644A1F8
Device \Driver\usbehci \Device\USBPDO-1 864401F8
Device \Driver\usbohci \Device\USBPDO-2 8644A1F8
Device \Driver\usbehci \Device\USBPDO-3 864401F8
Device \Driver\ACPI_HAL \Device\00000061 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
Device \Driver\volmgr \Device\HarddiskVolume1 84F331F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 863761F8
Device \Driver\cdrom \Device\CdRom1 863761F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84F351F8
Device \Driver\atapi \Device\Ide\IdePort0 84F351F8
Device \Driver\atapi \Device\Ide\IdePort1 84F351F8
Device \Driver\atapi \Device\Ide\IdePort2 84F351F8
Device \Driver\atapi \Device\Ide\IdePort3 84F351F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-6 84F351F8
Device \Driver\cdrom \Device\CdRom2 863761F8
Device \Driver\cdrom \Device\CdRom3 863761F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 863E7500
Device \Driver\sptd \Device\2455716160 spnq.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{5D3F00CD-993D-466E-8835-BF951F808C49} 863E7500
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
Device \Driver\PCI_PNP2160 \Device\0000006a spnq.sys
Device \Driver\PCI_PNP2160 \Device\0000006b spnq.sys
Device \Driver\usbohci \Device\USBFDO-0 8644A1F8
Device \Driver\usbehci \Device\USBFDO-1 864401F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D6C93908-EA0E-4EFD-8FBB-CD3D4424CDF9} 863E7500
Device \Driver\usbohci \Device\USBFDO-2 8644A1F8
Device \Driver\usbehci \Device\USBFDO-3 864401F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F5BD0AC1-2536-4D75-9274-F2A607E10348} 863E7500
Device \Driver\aqnaozqf \Device\Scsi\aqnaozqf1Port4Path0Target0Lun0 86262500
Device \Driver\an516imt \Device\Scsi\an516imt1 864A0500
Device \Driver\an516imt \Device\Scsi\an516imt1Port5Path0Target0Lun0 864A0500
Device \Driver\aqnaozqf \Device\Scsi\aqnaozqf1 86262500
Device -> \Driver\atapi \Device\Harddisk0\DR0 85C8EEC5
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\brmrhle@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\brmrhle@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\brmrhle@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\brmrhle@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA5 0x81 0x7F 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x68 0x21 0xC7 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x23 0x50 0x01 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD9 0x8A 0xF8 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA3 0xD8 0x3A 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0xAD 0xB6 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\services\brmrhle@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\brmrhle@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\brmrhle@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\brmrhle@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA5 0x81 0x7F 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x68 0x21 0xC7 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x23 0x50 0x01 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0x70 0x2A 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA3 0xD8 0x3A 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0xAD 0xB6 0xA4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount 2
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\0D0CE898-2DFF-4703-9129-A177346B467C@Alive 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\PC\Desktop\b3\©PS2® (BIOS) Emulator\Click-2UPS2Emulator.exe 1
---- Files - GMER 1.0.15 ----
File C:\Windows\System32\drivers\partmgr.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----