GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-05-09 08:12:47 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c ST3160815A rev.3.AAC Running: lt9stgwo.exe; Driver: C:\DOCUME~1\olek\USTAWI~1\Temp\pxtdypob.sys ---- System - GMER 1.0.15 ---- SSDT spkg.sys ZwCreateKey [0xBA6A80E0] SSDT spkg.sys ZwEnumerateKey [0xBA6C6CA2] SSDT spkg.sys ZwEnumerateValueKey [0xBA6C7030] SSDT spkg.sys ZwOpenKey [0xBA6A80C0] SSDT spkg.sys ZwQueryKey [0xBA6C7108] SSDT spkg.sys ZwQueryValueKey [0xBA6C6F88] SSDT spkg.sys ZwSetValueKey [0xBA6C719A] INT 0x62 ? 8A855BF8 INT 0x63 ? 8A60EBF8 INT 0x73 ? 8A855BF8 INT 0x73 ? 8A855BF8 INT 0x73 ? 8A60EBF8 INT 0x83 ? 8A60EBF8 INT 0xB1 ? 8A7E8BF8 INT 0xB1 ? 8A7E8BF8 INT 0xB4 ? 8A60EBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spkg.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB900D380, 0x2ED477, 0xE8000020] .text USBPORT.SYS!DllUnload B8FC962C 5 Bytes JMP 8A60E1D8 .text acym3yk0.SYS B8E92384 1 Byte [20] .text acym3yk0.SYS B8E92384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...] .text acym3yk0.SYS B8E923AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...] .text acym3yk0.SYS B8E923C4 3 Bytes [00, 00, 00] .text acym3yk0.SYS B8E923C9 1 Byte [00] .text ... .text ah0pty38.SYS B8E19386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text ah0pty38.SYS B8E193AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text ah0pty38.SYS B8E193C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text ah0pty38.SYS B8E193C9 1 Byte [2E] .text ah0pty38.SYS B8E193C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[4028] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spkg.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spkg.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spkg.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spkg.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spkg.sys IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!KfAcquireSpinLock] 6C000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!READ_PORT_UCHAR] 56000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!KeGetCurrentIrql] F4000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!KfRaiseIrql] EA000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!KfLowerIrql] 65000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!HalGetInterruptVector] 7A000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!HalTranslateBusAddress] AE000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!KeStallExecutionProcessor] 08000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!KfReleaseSpinLock] BA000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 78000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!READ_PORT_USHORT] 25000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 2E000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[HAL.dll!WRITE_PORT_UCHAR] 1C000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[WMILIB.SYS!WmiSystemControl] B4000000 IAT \SystemRoot\System32\Drivers\acym3yk0.SYS[WMILIB.SYS!WmiCompleteRequest] C6000000 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!KfAcquireSpinLock] 8A000002 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!READ_PORT_UCHAR] 83880846 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!KeGetCurrentIrql] 000001C0 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!KfRaiseIrql] 2C4EB70F IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!KfLowerIrql] 8303C183 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!HalGetInterruptVector] D103FCE1 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!HalTranslateBusAddress] 2E7E8366 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!KeStallExecutionProcessor] 8D1C7400 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!KfReleaseSpinLock] 83893204 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00000218 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!READ_PORT_USHORT] 2E4EB70F IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 021C8B89 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[HAL.dll!WRITE_PORT_UCHAR] B70F0000 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[WMILIB.SYS!WmiSystemControl] 03D00304 IAT \SystemRoot\System32\Drivers\ah0pty38.SYS[WMILIB.SYS!WmiCompleteRequest] 0CB389F2 IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BAB395B0] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BAB39430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BAB39690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BAB39690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BAB395B0] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BAB39430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BAB39430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BAB39690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BAB395B0] mksidsa.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BAB39690] mksidsa.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BAB395B0] mksidsa.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BAB39430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BAB395B0] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BAB39690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BAB39430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BAB39690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BAB395B0] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [BAB395B0] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [BAB39430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [BAB39690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BAB39690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BAB39430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BAB395B0] mksidsa.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A8541F8 AttachedDevice \FileSystem\Ntfs \Ntfs MksMonFd.sys AttachedDevice \Driver\Tcpip \Device\Ip mksfwallt.sys Device \Driver\usbuhci \Device\USBPDO-0 8A60D1F8 Device \Driver\PCI_PNP1340 \Device\00000044 spkg.sys Device \Driver\usbuhci \Device\USBPDO-1 8A60D1F8 Device \Driver\PCI_PNP1340 \Device\00000045 spkg.sys Device \Driver\usbuhci \Device\USBPDO-2 8A60D1F8 Device \Driver\usbuhci \Device\USBPDO-3 8A60D1F8 Device \Driver\usbehci \Device\USBPDO-4 8A5DF1F8 AttachedDevice \Driver\Tcpip \Device\Tcp mksfwallt.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7E61F8 Device \Driver\sptd \Device\4177748840 spkg.sys Device \Driver\Cdrom \Device\CdRom0 8A5BA1F8 Device \Driver\Cdrom \Device\CdRom1 8A5BA1F8 Device \Driver\atapi \Device\Ide\IdePort0 8A8551F8 Device \Driver\atapi \Device\Ide\IdePort1 8A8551F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A8551F8 Device \Driver\atapi \Device\Ide\IdePort2 8A8551F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A8551F8 Device \Driver\atapi \Device\Ide\IdePort3 8A8551F8 Device \Driver\Cdrom \Device\CdRom2 8A5BA1F8 Device \Driver\sptd \Device\4177905090 spkg.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 89AD71F8 Device \Driver\NetBT \Device\NetbiosSmb 89AD71F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{78DEBD2C-1019-4349-8344-1794805DE99D} 89AD71F8 AttachedDevice \Driver\Tcpip \Device\Udp mksfwallt.sys AttachedDevice \Driver\Tcpip \Device\RawIp mksfwallt.sys Device \Driver\usbuhci \Device\USBFDO-0 8A60D1F8 Device \Driver\usbuhci \Device\USBFDO-1 8A60D1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89ACD1F8 Device \Driver\usbuhci \Device\USBFDO-2 8A60D1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89ACD1F8 Device \Driver\usbuhci \Device\USBFDO-3 8A60D1F8 Device \Driver\usbehci \Device\USBFDO-4 8A5DF1F8 Device \Driver\Ftdisk \Device\FtControl 8A7E61F8 Device \Driver\ah0pty38 \Device\Scsi\ah0pty381 8A47B1F8 Device \Driver\acym3yk0 \Device\Scsi\acym3yk01Port5Path0Target0Lun0 8A5AE1F8 Device \Driver\ah0pty38 \Device\Scsi\ah0pty381Port4Path0Target0Lun0 8A47B1F8 Device \Driver\acym3yk0 \Device\Scsi\acym3yk01 8A5AE1F8 Device \FileSystem\Cdfs \Cdfs 8A5281F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00081b84f911 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x7B 0x5F 0x75 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0x44 0x33 0x8B ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x37 0x0A 0xC9 0x74 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF4 0xF4 0x98 0x70 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x65 0x35 0xC7 0xA2 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2A 0x2F 0x5D 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00081b84f911 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x7B 0x5F 0x75 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0x44 0x33 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x37 0x0A 0xC9 0x74 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF4 0xF4 0x98 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x65 0x35 0xC7 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2A 0x2F 0x5D 0xA2 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00081b84f911 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x7B 0x5F 0x75 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0x44 0x33 0x8B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x37 0x0A 0xC9 0x74 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF4 0xF4 0x98 0x70 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x65 0x35 0xC7 0xA2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2A 0x2F 0x5D 0xA2 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Documents and Settings\zbyszek\Moje dokumenty\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 1.0.15 ----