GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-07 21:50:46 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST98823A rev.3.06 Running: 3jgovc3w.exe; Driver: C:\DOCUME~1\Monika\USTAWI~1\Temp\fxtdapow.sys ---- System - GMER 1.0.15 ---- SSDT spwr.sys ZwCreateKey [0xF74D60E0] SSDT spwr.sys ZwEnumerateKey [0xF74F4CA4] SSDT spwr.sys ZwEnumerateValueKey [0xF74F5032] SSDT spwr.sys ZwOpenKey [0xF74D60C0] SSDT spwr.sys ZwQueryKey [0xF74F510A] SSDT spwr.sys ZwQueryValueKey [0xF74F4F8A] SSDT spwr.sys ZwSetValueKey [0xF74F519C] INT 0x62 ? 8A35FBF8 INT 0x73 ? 8A2DDBF8 INT 0x84 ? 8A2DDBF8 INT 0x94 ? 8A2DDBF8 INT 0xA4 ? 8A2DDBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spwr.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload BAD508AC 5 Bytes JMP 8A2DD1D8 .text a6827hmp.SYS BACAF386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a6827hmp.SYS BACAF3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a6827hmp.SYS BACAF3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text a6827hmp.SYS BACAF3C9 1 Byte [2E] .text a6827hmp.SYS BACAF3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...] .text ... ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A3622D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spwr.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spwr.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spwr.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spwr.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spwr.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spwr.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spwr.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A2DD2D8 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E6E9C] spwr.sys IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8D52FF55 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!swprintf] 8D51F84D IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeSetEvent] 5052F455 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoCreateSymbolicLink] EACAE856 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoGetConfigurationInformation] C483FFFF IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 0FC08520 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmFreeMappingAddress] 0001AD85 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 46B70F00 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoDisconnectInterrupt] F44D8B48 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmUnmapIoSpace] C1815753 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 00011D90 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IofCompleteRequest] 467C8D51 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 77CEE84A IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IofCallDriver] D88BFFFF IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 8504C483 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 5F0A75DB IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoConnectInterrupt] 5B08438D IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoDetachDevice] 5DE58B5E IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1D9068C3 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeInitializeEvent] 006A0001 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeCancelTimer] 88AEE853 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 558DFFFF IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlInitAnsiString] 90838DF8 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 5200011D IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoQueueWorkItem] 03895750 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmMapIoSpace] FFF363E8 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0C458AFF IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoReportDetectedDevice] 8B104D8B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoReportResourceForDetection] 43881855 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 1C458B08 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!NlsMbCodePageTag] 0F544389 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!PoRequestPowerIrp] 89FF45B6 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 4D8B0C4B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 50538920 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!sprintf] 8824558B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 4B890A43 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!ObfDereferenceObject] 5C538958 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8306468A IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 3F2418C4 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!ZwClose] 74FF4588 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] F8B60F79 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 1A8C8B8D IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 8D510000 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 50572846 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoCreateDevice] 00D2F7E8 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 80938D00 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 5200001B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 5728468D IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!ZwOpenKey] ECF6E850 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlFreeUnicodeString] B60F0000 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoStartTimer] 938DFF45 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeInitializeTimer] 0000026B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoInitializeTimer] B908C683 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeInitializeDpc] 00000008 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeInitializeSpinLock] A5F3FA8B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoInitializeIrp] 8808758B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!ZwCreateKey] 00026883 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 06468A00 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8306E8C0 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!ZwSetValueKey] 023C18C4 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeInsertQueueDpc] 02698388 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 19750000 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoStartPacket] 028C8B8D IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52510000 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 00C287E8 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoFreeMdl] 08C48300 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmUnlockPages] 0575C085 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] EB08708D IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 07568A54 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 026A9388 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 83660000 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeSynchronizeExecution] 7601487E IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoStartNextPacket] 4AC68305 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeBugCheckEx] F63302EB IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 5614458B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeSetTimer] 79E85350 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!_allmul] 8BFFFFF4 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmProbeAndLockPages] 83FF33F0 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!_except_handler3] F73B0CC4 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!PoSetPowerState] 7D801E75 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 850F050C IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 00000090 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 51F84D8B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!_aulldiv] F84AE853 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!strstr] C483FFFF IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!_strupr] 75C08408 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeQuerySystemTime] 08778D76 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoWMIRegistrationControl] F34AE853 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!KeTickCount] C483FFFF IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00F46804 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoDeleteDevice] 938D0000 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 00001A8C IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoAllocateWorkItem] E852006A IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoAllocateIrp] FFFF878C IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoAllocateMdl] 0000F468 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 80838D00 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmLockPagableDataSection] 6A00001B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 79E85000 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 33FFFF87 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!ExFreePoolWithTag] 6B8389C0 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoFreeIrp] 89000002 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!IoFreeWorkItem] 00026F83 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!InitSafeBootMode] 73838900 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!RtlCompareMemory] 89000002 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!PoCallDriver] 00027783 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!memmove] 7B838900 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[ntoskrnl.exe!MmHighestUserAddress] 89000002 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!KfLowerIrql] 8BEC8B55 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!HalGetInterruptVector] 00C73445 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!HalTranslateBusAddress] 00000000 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!READ_PORT_USHORT] 57B80974 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5 IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D IAT \SystemRoot\System32\Drivers\a6827hmp.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A35E1F8 Device \FileSystem\Fastfat \FatCdrom 8A0AA1F8 Device \Driver\USBSTOR \Device\0000009b 8A0D5500 AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\usbuhci \Device\USBPDO-0 8A2241F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A3D11F8 Device \Driver\dmio \Device\DmControl\DmConfig 8A3D11F8 Device \Driver\dmio \Device\DmControl\DmPnP 8A3D11F8 Device \Driver\dmio \Device\DmControl\DmInfo 8A3D11F8 Device \Driver\usbuhci \Device\USBPDO-1 8A2241F8 Device \Driver\usbuhci \Device\USBPDO-2 8A2241F8 Device \Driver\usbuhci \Device\USBPDO-3 8A2241F8 Device \Driver\usbehci \Device\USBPDO-4 8A25B468 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3601F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A3601F8 Device \Driver\Cdrom \Device\CdRom0 8A2D01F8 Device \Driver\PCI_PNP4862 \Device\00000059 spwr.sys Device \Driver\PCI_PNP4862 \Device\00000059 spwr.sys Device \Driver\atapi \Device\Ide\IdePort0 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume3 8A3601F8 Device \Driver\Cdrom \Device\CdRom1 8A2D01F8 Device \Driver\usbuhci \Device\USBFDO-0 8A2241F8 Device \Driver\usbuhci \Device\USBFDO-1 8A2241F8 Device \Driver\usbuhci \Device\USBFDO-2 8A2241F8 Device \Driver\usbuhci \Device\USBFDO-3 8A2241F8 Device \Driver\usbehci \Device\USBFDO-4 8A25B468 Device \Driver\sptd \Device\4041159862 spwr.sys Device \Driver\Ftdisk \Device\FtControl 8A3601F8 Device \Driver\a6827hmp \Device\Scsi\a6827hmp1 8A1B01F8 Device \Driver\a6827hmp \Device\Scsi\a6827hmp1Port2Path0Target0Lun0 8A1B01F8 Device \Driver\USBSTOR \Device\0000009a 8A0D5500 Device \FileSystem\Fastfat \Fat 8A0AA1F8 Device \FileSystem\Cdfs \Cdfs 8A0611F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x09 0x96 0x52 0x26 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6E 0x97 0x44 0x54 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x49 0x5A 0xBE 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6D 0x1F 0xB7 0x65 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6E 0x97 0x44 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x45 0x8C 0x99 0xFB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6D 0x1F 0xB7 0x65 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6E 0x97 0x44 0x54 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x45 0x8C 0x99 0xFB ... ---- EOF - GMER 1.0.15 ----