GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-06-15 12:58:13 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT B5C466E6 ZwCreateKey SSDT B5C466DC ZwCreateThread SSDT B5C466EB ZwDeleteKey SSDT B5C466F5 ZwDeleteValueKey SSDT spmi.sys ZwEnumerateKey [0xF72A5CA2] SSDT spmi.sys ZwEnumerateValueKey [0xF72A6030] SSDT B5C466FA ZwLoadKey SSDT spmi.sys ZwOpenKey [0xF72870C0] SSDT B5C466C8 ZwOpenProcess SSDT B5C466CD ZwOpenThread SSDT spmi.sys ZwQueryKey [0xF72A6108] SSDT spmi.sys ZwQueryValueKey [0xF72A5F88] SSDT B5C46704 ZwReplaceKey SSDT B5C466FF ZwRestoreKey SSDT B5C466F0 ZwSetValueKey SSDT B5C466D7 ZwTerminateProcess INT 0x62 ? 86DDCBF8 INT 0x63 ? 86DDCBF8 INT 0x73 ? 86DDCBF8 INT 0x82 ? 86DDCBF8 INT 0xA4 ? 86AF4F00 INT 0xB1 ? 86D6EF00 INT 0xB1 ? 86D6EF00 INT 0xB4 ? 86AF4F00 ---- Kernel code sections - GMER 1.0.15 ---- ? spmi.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload F54B38AC 5 Bytes JMP 86AF44E0 .text ak52c3j1.SYS F4B95384 1 Byte [20] .text ak52c3j1.SYS F4B95384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...] .text ak52c3j1.SYS F4B953AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...] .text ak52c3j1.SYS F4B953C4 3 Bytes [00, 00, 00] .text ak52c3j1.SYS F4B953C9 1 Byte [00] .text ... .text afe0vfa6.SYS EE5E8386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text afe0vfa6.SYS EE5E83AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text afe0vfa6.SYS EE5E83C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text afe0vfa6.SYS EE5E83C9 1 Byte [2E] .text afe0vfa6.SYS EE5E83C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...] .text ... ? C:\WINDOWS\TEMP\mc21.tmp Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[200] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[200] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[200] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[200] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[200] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[232] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[232] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[232] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[232] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[232] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\nvsvc32.exe[352] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[352] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\nvsvc32.exe[352] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\nvsvc32.exe[352] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\nvsvc32.exe[352] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[620] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[620] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[620] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[620] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[620] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\WINDOWS\system32\csrss.exe[844] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[844] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\csrss.exe[844] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\csrss.exe[844] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\csrss.exe[844] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Virtual CD v9\System\vc9secs.exe[848] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Virtual CD v9\System\vc9secs.exe[848] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Virtual CD v9\System\vc9secs.exe[848] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Virtual CD v9\System\vc9secs.exe[848] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Virtual CD v9\System\vc9secs.exe[848] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Virtual CD v9\System\vc9secs.exe[848] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\services.exe[920] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[920] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\services.exe[920] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\lsass.exe[932] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[932] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\lsass.exe[932] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[1484] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[1484] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[1484] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[1484] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[1484] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\spoolsv.exe[1756] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1756] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1756] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe[1996] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe[1996] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe[1996] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe[1996] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe[1996] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[2020] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[2020] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[2020] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[2020] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[2020] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\eHome\ehSched.exe[2040] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\eHome\ehSched.exe[2040] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\eHome\ehSched.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\eHome\ehSched.exe[2040] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\eHome\ehSched.exe[2040] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[2072] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[2072] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\Explorer.EXE[2072] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[2072] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\Explorer.EXE[2072] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[2072] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\Programme\Internet Explorer\iexplore.exe[2196] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Internet Explorer\iexplore.exe[2196] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Internet Explorer\iexplore.exe[2196] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Internet Explorer\iexplore.exe[2196] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Internet Explorer\iexplore.exe[2196] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Internet Explorer\iexplore.exe[2196] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125C8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D4254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4138B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 4138B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4138B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4138B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4138B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4138B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 4138B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2196] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2252] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2252] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2252] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2252] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2252] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2252] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2268] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2268] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2268] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2268] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2268] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2268] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\WINDOWS\system32\ctfmon.exe[2280] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2280] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2280] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ctfmon.exe[2280] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ctfmon.exe[2280] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[2280] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\WINDOWS\system32\dllhost.exe[2392] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\dllhost.exe[2392] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\dllhost.exe[2392] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\dllhost.exe[2392] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\dllhost.exe[2392] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\dllhost.exe[2392] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2756] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2756] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2756] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2756] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2756] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2756] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\WINDOWS\System32\alg.exe[2788] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2788] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\alg.exe[2788] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[2788] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[2788] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\alg.exe[2788] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\WINDOWS\system32\wscntfy.exe[2892] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[2892] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\wscntfy.exe[2892] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wscntfy.exe[2892] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wscntfy.exe[2892] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\wscntfy.exe[2892] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\Programme\Internet Explorer\iexplore.exe[3256] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Internet Explorer\iexplore.exe[3256] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Internet Explorer\iexplore.exe[3256] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Internet Explorer\iexplore.exe[3256] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Internet Explorer\iexplore.exe[3256] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Internet Explorer\iexplore.exe[3256] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\Programme\Internet Explorer\iexplore.exe[3256] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3256] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3256] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4138B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3256] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 4138B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3256] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4138B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3256] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4138B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3256] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4138B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3256] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4138B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3256] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 4138B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Internet Explorer\iexplore.exe[3360] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Internet Explorer\iexplore.exe[3360] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Internet Explorer\iexplore.exe[3360] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Internet Explorer\iexplore.exe[3360] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Internet Explorer\iexplore.exe[3360] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125C8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D4254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4138B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 4138B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4138B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4138B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4138B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4138B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 4138B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3360] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\Programme\Internet Explorer\iexplore.exe[3440] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Internet Explorer\iexplore.exe[3440] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Programme\Internet Explorer\iexplore.exe[3440] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Programme\Internet Explorer\iexplore.exe[3440] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Programme\Internet Explorer\iexplore.exe[3440] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125C8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D4254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4138B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 4138B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4138B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4138B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4138B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4138B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 4138B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3440] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\unzip\12lszgrn.exe[3484] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [FF, 25, 1E] .text C:\unzip\12lszgrn.exe[3484] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\unzip\12lszgrn.exe[3484] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\unzip\12lszgrn.exe[3484] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\unzip\12lszgrn.exe[3484] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\unzip\12lszgrn.exe[3484] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 5F00003D ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7288040] spmi.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F728813C] spmi.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72880BE] spmi.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72887FC] spmi.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72886D2] spmi.sys IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!KfAcquireSpinLock] 000000AD IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4 IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!KeGetCurrentIrql] 000000A2 IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!KfRaiseIrql] 000000AF IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!KfLowerIrql] 0000009C IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!HalGetInterruptVector] 000000A4 IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!HalTranslateBusAddress] 00000072 IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0 IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!KfReleaseSpinLock] 000000B7 IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!READ_PORT_USHORT] 00000093 IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026 IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036 IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[WMILIB.SYS!WmiSystemControl] 000000F7 IAT \SystemRoot\System32\Drivers\ak52c3j1.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74 IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!KeGetCurrentIrql] 57B80974 IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!KfRaiseIrql] 8B000000 IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!KfLowerIrql] 56C35DE5 IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!HalGetInterruptVector] 8D08758B IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55 IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55 IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455 IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856 IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520 IAT \SystemRoot\System32\Drivers\afe0vfa6.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programme\Spyware Doctor\sdhelp.exe[416] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT C:\Programme\Spyware Doctor\sdhelp.exe[416] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT C:\Programme\Spyware Doctor\sdhelp.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT C:\Programme\Spyware Doctor\sdhelp.exe[416] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT C:\Programme\Spyware Doctor\sdhelp.exe[416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT C:\Programme\Spyware Doctor\sdhelp.exe[416] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT C:\Programme\Spyware Doctor\sdhelp.exe[416] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT C:\Programme\Spyware Doctor\sdhelp.exe[416] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT C:\Programme\Spyware Doctor\sdhelp.exe[416] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT C:\WINDOWS\Explorer.EXE[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[2196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00922F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[2196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00922CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[2196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00922D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[2196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00922CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[2196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [02632070] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[2196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [026320B0] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[2196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [02632030] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[2196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02632000] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[2196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [02634C50] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[2196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[2892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DE2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[2892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DE2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[2892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DE2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[2892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DE2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A62D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00952D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [02632070] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[3360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [026320B0] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[3360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [02632030] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[3360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02632000] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[3360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [02634C50] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[3360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Programme\Internet Explorer\iexplore.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A62D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\iexplore.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [02772070] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [027720B0] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [02772030] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02772000] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [02774C50] C:\Programme\Canon\Easy-WebPrint\EWPCore.dll IAT C:\Programme\Internet Explorer\iexplore.exe[3440] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\unzip\12lszgrn.exe[3484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00342F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\unzip\12lszgrn.exe[3484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00342CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\unzip\12lszgrn.exe[3484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00342D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\unzip\12lszgrn.exe[3484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00342CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 86DDB1F8 AttachedDevice \FileSystem\Ntfs \Ntfs ikhfile.sys (PCTools Research Pty Ltd.) Device \Driver\usbstor \Device\0000008e 84EC51F8 Device \Driver\sptd \Device\788940830 spmi.sys Device \Driver\usbohci \Device\USBPDO-0 86BB21F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 86DDD1F8 Device \Driver\dmio \Device\DmControl\DmConfig 86DDD1F8 Device \Driver\dmio \Device\DmControl\DmPnP 86DDD1F8 Device \Driver\dmio \Device\DmControl\DmInfo 86DDD1F8 Device \Driver\usbehci \Device\USBPDO-1 86C051F8 Device \Driver\sptd \Device\789097080 spmi.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 86D6C1F8 Device \Driver\Cdrom \Device\CdRom0 86B7E1F8 Device \Driver\Cdrom \Device\CdRom1 86B7E1F8 Device \Driver\Cdrom \Device\CdRom2 86B7E1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 84F2E1F8 Device \Driver\NetBT \Device\NetbiosSmb 84F2E1F8 Device \Driver\usbstor \Device\00000085 84EC51F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{5B82396E-4A73-49DD-BE4B-4386AF267BE9} 84F2E1F8 Device \Driver\PCI_PNP9580 \Device\0000005a spmi.sys Device \Driver\PCI_PNP9580 \Device\0000005b spmi.sys Device \Driver\usbohci \Device\USBFDO-0 86BB21F8 Device \Driver\nvata \Device\0000007a 86DDC1F8 Device \Driver\usbehci \Device\USBFDO-1 86C051F8 Device \Driver\nvata \Device\NvAta0 86DDC1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84F1F1F8 Device \Driver\nvata \Device\NvAta1 86DDC1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 84F1F1F8 Device \Driver\nvata \Device\0000007c 86DDC1F8 Device \Driver\nvata \Device\NvAta2 86DDC1F8 Device \Driver\Ftdisk \Device\FtControl 86D6C1F8 Device \Driver\usbstor \Device\0000008b 84EC51F8 Device \Driver\usbstor \Device\0000008c 84EC51F8 Device \Driver\vdrv9000 \Device\Scsi\vdrv90001Port3Path0Target0Lun0 866E2500 Device \Driver\afe0vfa6 \Device\Scsi\afe0vfa61Port5Path0Target0Lun0 867DE500 Device \Driver\vdrv9000 \Device\Scsi\vdrv90001 866E2500 Device \Driver\afe0vfa6 \Device\Scsi\afe0vfa61 867DE500 Device \Driver\ak52c3j1 \Device\Scsi\ak52c3j11 86A951F8 Device \Driver\afe0vfa6 \Device\Scsi\afe0vfa61Port5Path0Target2Lun0 867DE500 Device \Driver\ak52c3j1 \Device\Scsi\ak52c3j11Port4Path0Target0Lun0 86A951F8 Device \Driver\vdrv9000 \Device\Scsi\vdrv90001Port3Path0Target1Lun0 866E2500 Device \Driver\afe0vfa6 \Device\Scsi\afe0vfa61Port5Path0Target1Lun0 867DE500 Device \Driver\usbstor \Device\0000008d 84EC51F8 Device \FileSystem\Cdfs \Cdfs 84ED01F8 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\DRIVERS\vdrv9000.sys (*** hidden *** ) [SYSTEM] vdrv9000 <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0x8F 0xC6 0x8A ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8C 0x12 0x7E 0xEA ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5C 0xFA 0xA2 0xF6 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBC 0xCB 0x83 0x37 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA6 0xB4 0xE1 0x6E ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD3 0xC1 0xFA 0x30 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6B 0x72 0xF4 0x3E ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x84 0x4B 0xC3 0x27 ... Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV9000.SYS Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@Group SCSI Miniport Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@Start 1 Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@Type 1 Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@Tag 34 Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\Enum Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\Enum@Count 1 Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\Enum@NextInstance 1 Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\Enum@INITSTARTFAILED 1 Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\Enum@0 Root\SCSIADAPTER\0000 Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\parameters Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\parameters\pnpinterface Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\parameters\pnpinterface@1 1 Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\security Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0x8F 0xC6 0x8A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8C 0x12 0x7E 0xEA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5C 0xFA 0xA2 0xF6 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBC 0xCB 0x83 0x37 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA6 0xB4 0xE1 0x6E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD3 0xC1 0xFA 0x30 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6B 0x72 0xF4 0x3E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x84 0x4B 0xC3 0x27 ... Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV9000.SYS Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Group SCSI Miniport Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Start 1 Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Type 1 Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Tag 34 Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@Count 1 Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@NextInstance 1 Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@INITSTARTFAILED 1 Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@0 Root\SCSIADAPTER\0000 Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\parameters Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\parameters\pnpinterface Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\parameters\pnpinterface@1 1 Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\security Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0x8F 0xC6 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8C 0x12 0x7E 0xEA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5C 0xFA 0xA2 0xF6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBC 0xCB 0x83 0x37 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA6 0xB4 0xE1 0x6E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD3 0xC1 0xFA 0x30 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6B 0x72 0xF4 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x84 0x4B 0xC3 0x27 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV9000.SYS Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Group SCSI Miniport Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Tag 34 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@Count 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@NextInstance 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@INITSTARTFAILED 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@0 Root\SCSIADAPTER\0000 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters\pnpinterface Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters\pnpinterface@1 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\security Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0x8F 0xC6 0x8A ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8C 0x12 0x7E 0xEA ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5C 0xFA 0xA2 0xF6 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBC 0xCB 0x83 0x37 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA6 0xB4 0xE1 0x6E ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD3 0xC1 0xFA 0x30 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6B 0x72 0xF4 0x3E ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x84 0x4B 0xC3 0x27 ... Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV9000.SYS Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@Group SCSI Miniport Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@Start 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@Type 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@Tag 34 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\Enum Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\Enum@Count 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\Enum@NextInstance 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\Enum@INITSTARTFAILED 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\Enum@0 Root\SCSIADAPTER\0000 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\parameters Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\parameters\pnpinterface Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\parameters\pnpinterface@1 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\security Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 ---- EOF - GMER 1.0.15 ----