Old 17-12-2010, 19:55   #5
walterluca1
Member
 
Joined: Jun 2007
Posts: 86
thanks for the info

here is the log in question

Code:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-17 16:23:59
Windows 6.1.7600  Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-0 MAXTOR_STM3500320AS rev.MX15
Running: 188k24vg.exe; Driver: C:\Users\Walter\AppData\Local\Temp\kxryqpow.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                               ZwCreateProcessEx [0x901ABBAE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                               ZwCreateSection [0x901AB9D2]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                               ZwLoadDriver [0x901ABB0C]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                               NtCreateSection
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                               ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                     830738E9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              830933B2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            ntoskrnl.exe!ZwLoadDriver                                                                                           831DF124 7 Bytes  JMP 901ABB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                  8321FD9F 5 Bytes  JMP 901A75D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!RtlCompareUnicodeStrings + 50C                                                                         8324714A 5 Bytes  JMP 901A9012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!NtCreateSection                                                                                        83290E75 7 Bytes  JMP 901AB9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                      8330F6FE 7 Bytes  JMP 901ABBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?               System32\Drivers\spwk.sys                                                                                           Impossibile trovare il percorso specificato. !
.text           USBPORT.SYS!DllUnload                                                                                               922F0CA0 5 Bytes  JMP 862171D8 
.text           aps968wy.SYS                                                                                                        90349000 2 Bytes  [44, C8]
.text           aps968wy.SYS                                                                                                        90349003 9 Bytes  [83, EE, C6, 00, 83, A0, A7, ...] {SUB ESI, -0x3a; ADD [EBX-0x7cff5860], AL}
.text           aps968wy.SYS                                                                                                        9034900D 9 Bytes  [A7, 00, 83, 48, CB, 00, 83, ...] {CMPSD ; ADD [EBX-0x7cff34b8], AL; ADD [EAX], AL}
.text           aps968wy.SYS                                                                                                        90349017 85 Bytes  [00, DE, 47, B0, 89, E6, 45, ...]
.text           aps968wy.SYS                                                                                                        9034906E 83 Bytes  [07, 83, 50, 21, 09, 83, EC, ...]
.text           ...                                                                                                                 
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA4464300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA44A7300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1712] kernel32.dll!SetUnhandledExceptionFilter                  760B3142 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1776] ntdll.dll!LdrLoadDll                                             77C6F585 5 Bytes  JMP 013C13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Tunngle\TnglCtrl.exe[3144] ntdll.dll!DbgBreakPoint                                                 77C43540 1 Byte  [90]
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5312] USER32.dll!TrackPopupMenu                               770A4B3B 5 Bytes  JMP 5C3F2342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice]                                                   [89A32DDC] \SystemRoot\System32\Drivers\spwk.sys
IAT             \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                      [89A32E30] \SystemRoot\System32\Drivers\spwk.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [89A08042] \SystemRoot\System32\Drivers\spwk.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [89A086D6] \SystemRoot\System32\Drivers\spwk.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [89A08800] \SystemRoot\System32\Drivers\spwk.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [89A0813E] \SystemRoot\System32\Drivers\spwk.sys
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortNotification]                                          00147880
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortQuerySystemTime]                                       78800C75
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortReadPortUchar]                                         06750015
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortStallExecution]                                        C25DC033
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortWritePortUchar]                                        458B0008
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortWritePortUlong]                                        6A006A08
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    50056A24
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                         [005AB7E8] \Windows\System32\autochk.exe (Auto Check Utility/Microsoft Corporation)
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  0001B800
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortGetParentBusType]                                      C25D0000
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortRequestCallback]                                       CCCC0008
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                 CCCCCCCC
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  CCCCCCCC
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortCompleteRequest]                                       CCCCCCCC
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortCopyMemory]                                            53EC8B55
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortEtwTraceLog]                                           800C5D8B
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                             7500117B
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                127B806A
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  80647500
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  7500137B
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortInitialize]                                            157B805E
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortGetDeviceBase]                                         56587500
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortDeviceStateChange]                                     8008758B
IAT             \SystemRoot\System32\Drivers\aps968wy.SYS[NTOSKRNL.exe!KeTickCount]                                                 78801875

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [7487250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                     [74872494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [74855624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                               [748556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [74868573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [74864D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                             [748650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [748651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                   [748666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                             [748682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [74868819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [7486907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [7486E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [74864C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]               [75CB5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                [75CB5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]              [75CB5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]             [75CB5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              8507A1F8
Device          \FileSystem\fastfat \FatCdrom                                                                                       8606C500
Device          \Driver\volmgr \Device\VolMgrControl                                                                                850761F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{79EAFBA8-AED8-4F56-BCD4-45D265993702}                                            861371F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    862181F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    862181F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{118998DA-A708-44ED-A006-7C5C7AB03063}                                            861371F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    862181F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    862181F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                                    863321F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbohci \Device\USBPDO-5                                                                                    863751F8
Device          \Driver\usbohci \Device\USBPDO-6                                                                                    863751F8
Device          \Driver\PCI_PNP7970 \Device\00000063                                                                                spwk.sys
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              850761F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                    863321F8
Device          \Driver\ACPI_HAL \Device\00000058                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              850761F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        860B11F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  850781F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                         850781F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  850781F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  850781F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  850781F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5                                                                         850781F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4                                                                         850781F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-6                                                                         850781F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-0                                                                         850781F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              850761F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom1                                                                                        860B11F8
Device          \Driver\sptd \Device\112027970                                                                                      spwk.sys
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              850761F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom2                                                                                        860B11F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             861371F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    862181F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    862181F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    862181F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    862181F8
Device          \Driver\usbehci \Device\USBFDO-4                                                                                    863321F8
Device          \Driver\usbohci \Device\USBFDO-5                                                                                    863751F8
Device          \Driver\usbohci \Device\USBFDO-6                                                                                    863751F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    863321F8
Device          \Driver\aps968wy \Device\Scsi\aps968wy1Port4Path0Target0Lun0                                                        863771F8
Device          \Driver\aps968wy \Device\Scsi\aps968wy1                                                                             863771F8
Device          \FileSystem\fastfat \Fat                                                                                            8606C500

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Gestione filtri file system Microsoft/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                              860AB1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc000647                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc000647@0018090412e3                            0x8D 0x24 0x8D 0x29 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc000647@1886ac51eaaf                            0xFC 0xD6 0xFC 0x6A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xED 0x81 0x0C 0xA9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xFB 0xE3 0xBC 0xE8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xCD 0x0B 0x36 0x3D ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc000647 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc000647@0018090412e3                                0x8D 0x24 0x8D 0x29 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc000647@1886ac51eaaf                                0xFC 0xD6 0xFC 0x6A ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xED 0x81 0x0C 0xA9 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xFB 0xE3 0xBC 0xE8 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xCD 0x0B 0x36 0x3D ...

---- EOF - GMER 1.0.15 ----