GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-30 14:20:50
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT spow.sys ZwCreateKey [0xF74DA0E0]
SSDT spow.sys ZwEnumerateKey [0xF74F7CA2]
SSDT spow.sys ZwEnumerateValueKey [0xF74F8030]
SSDT spow.sys ZwOpenKey [0xF74DA0C0]
SSDT spow.sys ZwQueryKey [0xF74F8108]
SSDT spow.sys ZwQueryValueKey [0xF74F7F88]
SSDT spow.sys ZwSetValueKey [0xF74F819A]

INT 0x62 ? 89918BF8
INT 0x73 ? 89724F00
INT 0x73 ? 89724F00
INT 0x73 ? 89724F00
INT 0x73 ? 89724F00
INT 0x73 ? 89724F00
INT 0x82 ? 89918BF8

---- Kernel code sections - GMER 1.0.14 ----

? spow.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload BA01A62C 5 Bytes JMP 897244E0
.text agfcpfvm.SYS B9F20380 49 Bytes [ 00, 00, 00, 00, 20, 00, 00, ... ]
.text agfcpfvm.SYS B9F203B4 3 Bytes [ 00, 00, 00 ]
.text agfcpfvm.SYS B9F203B8 2 Bytes [ 16, 30 ]
.text agfcpfvm.SYS B9F203BB 9 Bytes [ 00, 00, E0, 01, 00, 00, 32, ... ]
.text agfcpfvm.SYS B9F203C6 1 Byte [ 00 ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text F:\Programme\internet explorer\iexplore.exe[2480] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 444DF301 F:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text F:\Programme\internet explorer\iexplore.exe[2480] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 4467179F F:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text F:\Programme\internet explorer\iexplore.exe[2480] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 44671720 F:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text F:\Programme\internet explorer\iexplore.exe[2480] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 44671764 F:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text F:\Programme\internet explorer\iexplore.exe[2480] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 446716AC F:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text F:\Programme\internet explorer\iexplore.exe[2480] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 446716E6 F:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text F:\Programme\internet explorer\iexplore.exe[2480] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 446717DA F:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text F:\Programme\internet explorer\iexplore.exe[2480] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 445016B6 F:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 898AB2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750A93C] spow.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750A990] spow.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74DB040] spow.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74DB13C] spow.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74DB0BE] spow.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74DB7FC] spow.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74DB6D2] spow.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 897245E0
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74EAD92] spow.sys
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlInitUnicodeString] 28DE7AA5
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!swprintf] 35C961B7
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeSetEvent] 3EC468B9
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 0FE75793
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 04EA5E9D
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 19FD458F
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmFreeMappingAddress] 12F04C81
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] CB6BAB3B
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoDisconnectInterrupt] C066A235
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmUnmapIoSpace] DD71B927
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] D67CB029
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IofCompleteRequest] E75F8F03
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IofCallDriver] EC52860D
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlCompareUnicodeString] F1459D1F
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmAllocateMappingAddress] FA489411
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 9303E34B
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoConnectInterrupt] 980EEA45
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoDetachDevice] 8519F157
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeWaitForSingleObject] 8E14F859
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeInitializeEvent] BF37C773
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] B43ACE7D
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlInitAnsiString] A92DD56F
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] A220DC61
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoQueueWorkItem] F66D76AD
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmMapIoSpace] FD607FA3
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] E07764B1
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoReportDetectedDevice] EB7A6DBF
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoReportResourceForDetection] DA595295
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] D1545B9B
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!NlsMbCodePageTag] CC434089
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!PoRequestPowerIrp] C74E4987
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] AE053EDD
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] A50837D3
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!sprintf] B81F2CC1
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] B31225CF
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!ObfDereferenceObject] 82311AE5
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 893C13EB
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 942B08F9
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!ZwClose] 9F2601F7
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 46BDE64D
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 4DB0EF43
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 50A7F451
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 5BAAFD5F
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoCreateDevice] 6A89C275
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 6184CB7B
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] [7C93D069] \WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 779ED967
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!ZwOpenKey] 1ED5AE3D
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 15D8A733
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoStartTimer] 08CFBC21
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeInitializeTimer] 03C2B52F
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoInitializeTimer] 32E18A05
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeInitializeDpc] 39EC830B
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeInitializeSpinLock] 24FB9819
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoInitializeIrp] 2FF69117
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!ZwCreateKey] 8DD64D76
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 86DB4478
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 9BCC5F6A
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!ZwSetValueKey] 90C15664
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeInsertQueueDpc] A1E2694E
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] AAEF6040
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoStartPacket] B7F87B52
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] BCF5725C
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] D5BE0506
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoFreeMdl] DEB30C08
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmUnlockPages] C3A4171A
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] C8A91E14
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] F98A213E
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmHighestUserAddress] F2872830
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] EF903322
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmUnmapReservedMapping] E49D3A2C
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeSynchronizeExecution] 3D06DD96
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoStartNextPacket] 360BD498
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeBugCheckEx] 2B1CCF8A
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 2011C684
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeSetTimer] 1132F9AE
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeCancelTimer] 1A3FF0A0
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!_allmul] 0728EBB2
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!PoSetPowerState] 0C25E2BC
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 656E95E6
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 6E639CE8
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!_aulldiv] 737487FA
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!strstr] 78798EF4
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!_strupr] 495AB1DE
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!KeQuerySystemTime] 4257B8D0
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 5F40A3C2
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!_except_handler3] 544DAACC
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] F7DAEC41
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoDeleteDevice] FCD7E54F
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] E1C0FE5D
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoAllocateWorkItem] EACDF753
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoAllocateIrp] DBEEC879
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoAllocateMdl] D0E3C177
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] CDF4DA65
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmLockPagableDataSection] C6F9D36B
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] AFB2A431
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] A4BFAD3F
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!ExFreePoolWithTag] B9A8B62D
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoFreeIrp] B2A5BF23
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!IoFreeWorkItem] 83868009
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!InitSafeBootMode] 888B8907
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!RtlCompareMemory] 959C9215
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!PoCallDriver] 9E919B1B
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[ntoskrnl.exe!memmove] 470A7CA1
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!KfAcquireSpinLock] E8B8D890
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!READ_PORT_UCHAR] E3B5D19E
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!KeGetCurrentIrql] FEA2CA8C
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!KfRaiseIrql] F5AFC382
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!KfLowerIrql] C48CFCA8
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!HalGetInterruptVector] CF81F5A6
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!HalTranslateBusAddress] D296EEB4
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!KeStallExecutionProcessor] D99BE7BA
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!KfReleaseSpinLock] 7BBB3BDB
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 70B632D5
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!READ_PORT_USHORT] 6DA129C7
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 66AC20C9
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[HAL.dll!WRITE_PORT_UCHAR] 578F1FE3
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[WMILIB.SYS!WmiSystemControl] 41950DFF
IAT \SystemRoot\System32\Drivers\agfcpfvm.SYS[WMILIB.SYS!WmiCompleteRequest] 4A9804F1

---- User IAT/EAT - GMER 1.0.14 ----

IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe[1088] @ F:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] F:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 899171F8
Device \FileSystem\Fastfat \FatCdrom 895B0500
Device \FileSystem\Udfs \UdfsCdRom 895B8500
Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \FileSystem\Udfs \UdfsDisk 895B8500
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \Driver\usbuhci \Device\USBPDO-0 896E11F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 898A91F8
Device \Driver\dmio \Device\DmControl\DmConfig 898A91F8
Device \Driver\dmio \Device\DmControl\DmPnP 898A91F8
Device \Driver\dmio \Device\DmControl\DmInfo 898A91F8
Device \Driver\usbuhci \Device\USBPDO-1 896E11F8
Device \Driver\usbuhci \Device\USBPDO-2 896E11F8
Device \Driver\usbehci \Device\USBPDO-3 896BF1F8
Device \Driver\USBSTOR \Device\00000070 895B2500
Device \Driver\Ftdisk \Device\HarddiskVolume1 899191F8
Device \Driver\USBSTOR \Device\00000071 895B2500
Device \Driver\Cdrom \Device\CdRom0 896B21F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 899191F8
Device \Driver\USBSTOR \Device\00000072 895B2500
Device \Driver\Ftdisk \Device\HarddiskVolume3 899191F8
Device \Driver\Cdrom \Device\CdRom1 896B21F8
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\USBSTOR \Device\00000073 895B2500
Device \Driver\Ftdisk \Device\HarddiskVolume4 899191F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 899191F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B99933EB-A720-4F29-B691-49A799BFF4F8} 89680500
Device \Driver\Ftdisk \Device\HarddiskVolume6 899191F8
Device \Driver\Ftdisk \Device\HarddiskVolume7 899191F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89680500
Device \Driver\Ftdisk \Device\HarddiskVolume8 899191F8
Device \Driver\NetBT \Device\NetbiosSmb 89680500
Device \Driver\PCI_PNP4794 \Device\0000004d spow.sys
Device \Driver\PCI_PNP4794 \Device\0000004d spow.sys
Device \Driver\sptd \Device\680333544 spow.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{E18EBD92-4963-472E-871D-1DB8F5B68CD3} 89680500
Device \Driver\usbuhci \Device\USBFDO-0 896E11F8
Device \Driver\usbuhci \Device\USBFDO-1 896E11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 893D41F8
Device \Driver\usbuhci \Device\USBFDO-2 896E11F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 893D41F8
Device \Driver\USBSTOR \Device\0000006f 895B2500
Device \Driver\usbehci \Device\USBFDO-3 896BF1F8
Device \Driver\Ftdisk \Device\FtControl 899191F8
Device \Driver\agfcpfvm \Device\Scsi\agfcpfvm1 8963E408
Device \FileSystem\Fastfat \Fat 895B0500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8964E500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xC9 0x12 0xC6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x11 0xBE 0x12 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF9 0x09 0x3F 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0xF9 0xC0 0x2E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xC9 0x12 0xC6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x11 0xBE 0x12 0xCA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF9 0x09 0x3F 0x37 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0xF9 0xC0 0x2E ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.14 ----