GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-24 18:05:48
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721010G9SA00 rev.MCZOC10H
Running: oqw4wcrr.exe; Driver: C:\DOCUME~1\Wojtek\USTAWI~1\Temp\pxtdapob.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA0 0x01 0xD5 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x9C 0x5C 0x15 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0xEF 0x72 0x20 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C79D6DB4-E2CB-AD96-2F2D-E60292B76ECF}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C79D6DB4-E2CB-AD96-2F2D-E60292B76ECF}@ablkffpblnacihlalekhpfikobhkbpchph 0x70 0x61 0x6E 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C79D6DB4-E2CB-AD96-2F2D-E60292B76ECF}@mamkcgfcndpfkcgecgkkgogdca 0x6F 0x61 0x6C 0x61 ...

---- EOF - GMER 1.0.15 ----