GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-11-17 20:46:19 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 ST316081 rev.3.AA Running: 9rmoslx5.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdypob.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xB53CDE5C] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xB53CDE76] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xB53CD014] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xB53CD340] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xB53CCD3C] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xB53CD776] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xB53CEA0E] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xB53CD5C8] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xB53CCBBE] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xB53CD048] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xB53CD1C8] SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA865C620] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xB53CCC76] SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xB53CD10E] Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 4 Bytes JMP 589CB53C .text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [BE, CB, 3C, B5, 48, D0, 3C, ...] {MOV ESI, 0x48b53ccb; SAR BYTE [ESI*4-0x4ac32e38], 0x1} PAGE ntkrnlpa.exe!IoCreateDevice 805758EE 5 Bytes JMP B7DDC116 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENPNP NDIS.SYS!NdisRegisterProtocol B7DAC17F 5 Bytes JMP B7DDBF26 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENPNP NDIS.SYS!NdisOpenAdapter B7DAC399 5 Bytes JMP B7DDC4B0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENPNP NDIS.SYS!NdisCloseAdapter B7DB6642 5 Bytes JMP B7DDC034 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENPNP NDIS.SYS!NdisDeregisterProtocol B7DB6821 5 Bytes JMP B7DDC2CC fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDSP NDIS.SYS!NdisReturnPackets B7DB9810 5 Bytes JMP B7DDCE38 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDSP NDIS.SYS!NdisRequest B7DB997B 5 Bytes JMP B7DDC7D8 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDSP NDIS.SYS!NdisSend B7DBC986 5 Bytes JMP B7DDD7B8 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDSP NDIS.SYS!NdisSendPackets B7DBC9A3 5 Bytes JMP B7DDD88A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDSP NDIS.SYS!NdisTransferData B7DBC9BE 5 Bytes JMP B7DDCF36 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDCO NDIS.SYS!NdisCoCreateVc B7DC3186 5 Bytes JMP B7DDBF92 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDCO NDIS.SYS!NdisCoDeleteVc B7DC4557 5 Bytes JMP B7DDC000 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDCO NDIS.SYS!NdisCoSendPackets B7DC4AF1 5 Bytes JMP B7DDD5A2 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB66BF380, 0x550AF5, 0xE8000020] init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA97A0A00] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006B000C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[188] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 006B100C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006B200C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[188] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 006B300C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[188] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 006B700C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[188] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 006B500C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[188] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 006B600C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[188] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006B800C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 006B400C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[188] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 006B900C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01FF000C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 01FF100C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01FF200C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 01FF300C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 01FF700C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 01FF500C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 01FF600C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 01FF800C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 01FF900C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01FF400C .text C:\Program Files\Java\jre6\bin\jqs.exe[576] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 01FFA00C .text C:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 014B000C .text C:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 014B100C .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 014B200C .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 014B300C .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 014B700C .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 014B500C .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 014B600C .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 014B800C .text C:\WINDOWS\system32\winlogon.exe[676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 014B400C .text C:\WINDOWS\system32\winlogon.exe[676] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 014BA00C .text C:\WINDOWS\system32\winlogon.exe[676] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 014B900C .text C:\WINDOWS\system32\lsass.exe[732] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C4000C .text C:\WINDOWS\system32\lsass.exe[732] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C4100C .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C4200C .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C4300C .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00C4700C .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00C4500C .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00C4600C .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00C4800C .text C:\WINDOWS\system32\lsass.exe[732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00C4400C .text C:\WINDOWS\system32\lsass.exe[732] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 00C4A00C .text C:\WINDOWS\system32\lsass.exe[732] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00C4900C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007A000C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007A100C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007A200C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[800] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 007A300C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[800] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 007A700C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[800] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 007A500C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[800] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 007A600C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[800] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007A800C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 007A400C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[800] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 007A900C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 013C000C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 013C100C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 013C200C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 013C300C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 013C700C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 013C500C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 013C600C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 013C800C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 013C400C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 013CA00C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1160] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 013C900C .text C:\WINDOWS\Explorer.EXE[1384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0164000C .text C:\WINDOWS\Explorer.EXE[1384] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0164100C .text C:\WINDOWS\Explorer.EXE[1384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0164200C .text C:\WINDOWS\Explorer.EXE[1384] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0164300C .text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0164700C .text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0164500C .text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0164600C .text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0164800C .text C:\WINDOWS\Explorer.EXE[1384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0164400C .text C:\WINDOWS\Explorer.EXE[1384] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0164A00C .text C:\WINDOWS\Explorer.EXE[1384] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0164900C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0275000C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0275100C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0275200C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0275300C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0275400C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0275A00C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0275700C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0275500C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0275600C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0275800C .text C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[1624] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0275900C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E9000C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E9100C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E9200C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E9300C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00E9700C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00E9500C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00E9600C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00E9800C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00E9400C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 00E9A00C .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1632] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00E9900C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D4000C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00D4100C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D4200C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00D4300C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00D4700C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00D4500C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00D4600C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00D4800C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D4400C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 00D4A00C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1664] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00D4900C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E2000C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E2100C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E2200C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E2300C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00E2400C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 00E2A00C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00E2700C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00E2500C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00E2600C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00E2800C .text C:\WINDOWS\system32\RUNDLL32.EXE[1708] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00E2900C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BD000C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BD100C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD200C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00BD300C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00BD700C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00BD500C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00BD600C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00BD800C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00BD400C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 00BDA00C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1716] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00BD900C .text C:\Program Files\F-Secure\Common\FSM32.EXE[1816] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02EA000C .text C:\Program Files\F-Secure\Common\FSM32.EXE[1816] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02EA100C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 023A000C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 023A100C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 023A200C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 023A300C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 023A700C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 023A500C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 023A600C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 023A800C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 023A400C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 023AA00C .text C:\Documents and Settings\Administrator\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe[1844] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 023A900C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0120000C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0120100C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0120200C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0120300C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0120700C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0120500C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0120600C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0120800C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0120400C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0120A00C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1952] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0120900C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0135000C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0135100C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0135200C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0135300C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0135700C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0135500C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0135600C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0135800C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0135400C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0135A00C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2004] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0135900C .text C:\WINDOWS\System32\alg.exe[2424] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB000C .text C:\WINDOWS\System32\alg.exe[2424] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BB100C .text C:\WINDOWS\System32\alg.exe[2424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB200C .text C:\WINDOWS\System32\alg.exe[2424] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00BB300C .text C:\WINDOWS\System32\alg.exe[2424] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00BB400C .text C:\WINDOWS\System32\alg.exe[2424] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 00BBA00C .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00BB700C .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00BB500C .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00BB600C .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00BB800C .text C:\WINDOWS\System32\alg.exe[2424] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00BB900C ---- Devices - GMER 1.0.15 ---- Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0xC7 0xBA 0x1C ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0xB1 0x1C 0x8D ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0x4E 0x73 0x6F ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x14 0x77 0x5B 0xCE ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x3D 0xEB 0x9D 0x42 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0xC7 0xBA 0x1C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0xB1 0x1C 0x8D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0x4E 0x73 0x6F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x14 0x77 0x5B 0xCE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x3D 0xEB 0x9D 0x42 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0xC7 0xBA 0x1C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2D 0x9F 0x77 0x89 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0x4E 0x73 0x6F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x14 0x77 0x5B 0xCE ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x3D 0xEB 0x9D 0x42 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0xC7 0xBA 0x1C ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2D 0x9F 0x77 0x89 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0x4E 0x73 0x6F ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x14 0x77 0x5B 0xCE ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x3D 0xEB 0x9D 0x42 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0xB8 0x4C 0xBD ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0xFC 0xD3 0xF8 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00116755913d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00116755913d@0018af3e8495 0xD7 0xCF 0xF1 0x5B ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0xB8 0x4C 0xBD ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0xFC 0xD3 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00116755913d Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00116755913d@0018af3e8495 0xD7 0xCF 0xF1 0x5B ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEF 0xD4 0x3B 0xCE ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0xFC 0xD3 0xF8 ... Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00116755913d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00116755913d@0018af3e8495 0xD7 0xCF 0xF1 0x5B ... ---- EOF - GMER 1.0.15 ----