GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-27 14:08:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.890B
Running: gmer.exe; Driver: C:\Users\Adamo\AppData\Local\Temp\uglorpoc.sys

---- System - GMER 1.0.15 ----

INT 0x52 ? 863DDF00
INT 0x62 ? 849DABF8
INT 0x72 ? 84048BF8
INT 0x92 ? 84048BF8
INT 0x92 ? 84048BF8
INT 0x92 ? 863DDF00
INT 0x92 ? 863DDF00
INT 0x93 ? 863DDF00
INT 0xA3 ? 863DDF00
INT 0xA3 ? 863DDF00
INT 0xA3 ? 863DDF00
INT 0xB3 ? 863DDF00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spmo.sys System nie może odnaleźć określonej ścieżki. !
.text USBPORT.SYS!DllUnload 8C18D41B 5 Bytes JMP 863DD4E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1480] kernel32.dll!SetUnhandledExceptionFilter 776AA8C5 4 Bytes [C2, 04, 00, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtCreateFile + 6 7790424A 4 Bytes [28, 00, 2C, 00] {SUB [EAX], AL; SUB AL, 0x0}
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtCreateFile + B 7790424F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + 6 7790499A 1 Byte [28]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + 6 7790499A 4 Bytes [28, 03, 2C, 00] {SUB [EBX], AL; SUB AL, 0x0}
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + B 7790499F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenFile + 6 77904A2A 4 Bytes [68, 00, 2C, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenFile + B 77904A2F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcess + 6 77904AAA 4 Bytes [A8, 01, 2C, 00] {TEST AL, 0x1; SUB AL, 0x0}
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcess + B 77904AAF 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessToken + 6 77904ABA 4 Bytes CALL 769076C0 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessToken + B 77904ABF 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessTokenEx + 6 77904ACA 4 Bytes [A8, 02, 2C, 00] {TEST AL, 0x2; SUB AL, 0x0}
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessTokenEx + B 77904ACF 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThread + 6 77904B1A 4 Bytes [68, 01, 2C, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThread + B 77904B1F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadToken + 6 77904B2A 4 Bytes [68, 02, 2C, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadToken + B 77904B2F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadTokenEx + 6 77904B3A 4 Bytes CALL 76907741 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadTokenEx + B 77904B3F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryAttributesFile + 6 77904BCA 4 Bytes [A8, 00, 2C, 00] {TEST AL, 0x0; SUB AL, 0x0}
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryAttributesFile + B 77904BCF 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryFullAttributesFile + 6 77904C7A 4 Bytes CALL 7690787F C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryFullAttributesFile + B 77904C7F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationFile + 6 7790515A 4 Bytes [28, 01, 2C, 00] {SUB [ECX], AL; SUB AL, 0x0}
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationFile + B 7790515F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationThread + 6 779051AA 4 Bytes [28, 02, 2C, 00] {SUB [EDX], AL; SUB AL, 0x0}
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationThread + B 779051AF 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtUnmapViewOfSection + 6 7790544A 1 Byte [68]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtUnmapViewOfSection + 6 7790544A 4 Bytes [68, 03, 2C, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtUnmapViewOfSection + B 7790544F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtCreateFile + 6 7790424A 4 Bytes [28, 00, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtCreateFile + B 7790424F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtMapViewOfSection + 6 7790499A 1 Byte [28]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtMapViewOfSection + 6 7790499A 4 Bytes [28, 03, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtMapViewOfSection + B 7790499F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenFile + 6 77904A2A 4 Bytes [68, 00, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenFile + B 77904A2F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcess + 6 77904AAA 4 Bytes [A8, 01, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcess + B 77904AAF 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcessToken + 6 77904ABA 4 Bytes CALL 76909CC0 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcessToken + B 77904ABF 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcessTokenEx + 6 77904ACA 4 Bytes [A8, 02, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcessTokenEx + B 77904ACF 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThread + 6 77904B1A 4 Bytes [68, 01, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThread + B 77904B1F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThreadToken + 6 77904B2A 4 Bytes [68, 02, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThreadToken + B 77904B2F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThreadTokenEx + 6 77904B3A 4 Bytes CALL 76909D41 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThreadTokenEx + B 77904B3F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtQueryAttributesFile + 6 77904BCA 4 Bytes [A8, 00, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtQueryAttributesFile + B 77904BCF 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtQueryFullAttributesFile + 6 77904C7A 4 Bytes CALL 76909E7F C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtQueryFullAttributesFile + B 77904C7F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationFile + 6 7790515A 4 Bytes [28, 01, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationFile + B 7790515F 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationThread + 6 779051AA 4 Bytes [28, 02, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationThread + B 779051AF 1 Byte [E2]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtUnmapViewOfSection + 6 7790544A 1 Byte [68]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtUnmapViewOfSection + 6 7790544A 4 Bytes [68, 03, 52, 00]
.text C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtUnmapViewOfSection + B 7790544F 1 Byte [E2]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806926D6] \SystemRoot\System32\Drivers\spmo.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80692042] \SystemRoot\System32\Drivers\spmo.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80692800] \SystemRoot\System32\Drivers\spmo.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806920C0] \SystemRoot\System32\Drivers\spmo.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069213E] \SystemRoot\System32\Drivers\spmo.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A1B90] \SystemRoot\System32\Drivers\spmo.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74567817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745AB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7456BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7455F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7455E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [745973F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7456DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7455FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7455FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7458C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7455D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74556853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7455687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74562AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[3248] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Adamo\AppData\Local\Google\Chrome\Application\chrome.exe[5092] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 849DD1F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\netbt \Device\NetBT_Tcpip_{A43D3BC4-55A3-447E-B7BB-1644633FD8E3} 8FBEC500
Device \Driver\volmgr \Device\VolMgrControl 8404A1F8
Device \Driver\usbuhci \Device\USBPDO-0 864951F8
Device \Driver\usbuhci \Device\USBPDO-1 864951F8
Device \Driver\usbehci \Device\USBPDO-2 864A11F8
Device \Driver\usbuhci \Device\USBPDO-3 864951F8
Device \Driver\usbuhci \Device\USBPDO-4 864951F8
AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys
Device \Driver\usbuhci \Device\USBPDO-5 864951F8
Device \Driver\usbehci \Device\USBPDO-6 864A11F8
Device \Driver\volmgr \Device\HarddiskVolume1 8404A1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8404A1F8
Device \Driver\cdrom \Device\CdRom0 86453500
Device \Driver\iaStor \Device\Ide\iaStor0 [878FF620] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 849DB1F8
Device \Driver\atapi \Device\Ide\IdePort0 849DB1F8
Device \Driver\atapi \Device\Ide\IdePort1 849DB1F8
Device \Driver\atapi \Device\Ide\IdePort2 849DB1F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [878FF620] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 8404A1F8
Device \Driver\cdrom \Device\CdRom1 86453500
Device \Driver\BTHUSB \Device\00000081 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000083 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device \Driver\netbt \Device\NetBt_Wins_Export 8FBEC500
Device \Driver\Smb \Device\NetbiosSmb 83BFB1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E85A1D6F-CAF3-4A84-92EB-B4D7F8D9E6CF} 8FBEC500
Device \Driver\iScsiPrt \Device\RaidPort0 8634A1F8
Device \FileSystem\cdfs \Cdfs 854EC1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a00572
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a00572@6c9b02703f5c 0x97 0x39 0x79 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x71 0x47 0x22 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0xB0 0x41 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x56 0xA9 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a00572 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a00572@6c9b02703f5c 0x97 0x39 0x79 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x71 0x47 0x22 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0xB0 0x41 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x56 0xA9 0x5C ...

---- EOF - GMER 1.0.15 ----