GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-04 11:48:00
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500BEVE-00WZT0 rev.01.01A01
Running: iux725lo.exe; Driver: C:\DOCUME~1\Piotr\USTAWI~1\Temp\uwldqpow.sys

---- System - GMER 1.0.15 ----

SSDT 893A9C90 ZwAssignProcessToJobObject
SSDT 893AA200 ZwDebugActiveProcess
SSDT 893AA2F0 ZwDuplicateObject
SSDT 893A9590 ZwOpenProcess
SSDT 893A9800 ZwOpenThread
SSDT 893A9FD0 ZwProtectVirtualMemory
SSDT 893AA0E0 ZwQueueApcThread
SSDT 893A9EC0 ZwSetContextThread
SSDT 893A9D90 ZwSetInformationThread
SSDT 893A6DA0 ZwSetSecurityObject
SSDT 893A9B90 ZwSuspendProcess
SSDT 893A9A80 ZwSuspendThread
SSDT 893A96E0 ZwTerminateProcess
SSDT 893A9A50 ZwTerminateThread
SSDT 893AA6D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWSH\system32\drivers\senfilt.sys entry point in "init" section [0xF6D58900]
.text C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl section is writeable [0xA9B5F000, 0x2BE8, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl entry point in ".vmp2" section [0xA9B81666]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[892] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\WINDOWSH\system32\SearchIndexer.exe[1908] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWSH\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0116817F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 014102BC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 01410295 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2700] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0141021F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\RPCRT4.dll [ADVAPI32.dll!OpenServiceW] [594307BA] C:\WINDOWSH\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\SHELL32.dll [ADVAPI32.dll!ControlService] [594307DD] C:\WINDOWSH\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\SHELL32.dll [ADVAPI32.dll!OpenServiceW] [594307BA] C:\WINDOWSH\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\CRYPT32.dll [ADVAPI32.dll!OpenServiceW] [594307BA] C:\WINDOWSH\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\CRYPT32.dll [ADVAPI32.dll!ControlService] [594307DD] C:\WINDOWSH\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\netapi32.dll [ADVAPI32.dll!OpenServiceA] [59430797] C:\WINDOWSH\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\netapi32.dll [ADVAPI32.dll!ControlService] [594307DD] C:\WINDOWSH\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\netapi32.dll [ADVAPI32.dll!OpenServiceW] [594307BA] C:\WINDOWSH\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[3632] @ C:\WINDOWSH\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWSH\Explorer.EXE[3692] @ C:\WINDOWSH\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWSH\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\sptd@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd@Start 4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd@Tag 7
Reg HKLM\SYSTEM\ControlSet003\Services\sptd@ImagePath System32\Drivers\sptd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\sptd@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\sptd@Set 111818945
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg@g0 0x38 0x23 0xE8 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x71 0x8E 0xBD 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8F 0x4A 0xC1 0x46 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWSH\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27AD7900-2F95-29F6-9182-215ADE2B8211}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27AD7900-2F95-29F6-9182-215ADE2B8211}@nalgkgdnbjijdajncjeoecpjdncb 0x6A 0x61 0x63 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27AD7900-2F95-29F6-9182-215ADE2B8211}@oabgamafiffbbiclffmfabclbicnnk 0x6A 0x61 0x63 0x6C ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users.WINDOWSH\Dane aplikacji\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod0A66.nup 0 bytes
File C:\Documents and Settings\All Users.WINDOWSH\Dane aplikacji\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod131A.nup 0 bytes
File C:\WINDOWSH\KB2718704.log 3787 bytes
File C:\WINDOWSH\LastGood 0 bytes
File C:\WINDOWSH\LastGood\INF 0 bytes
File C:\WINDOWSH\LastGood\INF\oem59.inf 0 bytes
File C:\WINDOWSH\LastGood\INF\oem59.PNF 0 bytes

---- EOF - GMER 1.0.15 ----