GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-03-30 01:07:46 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-1a WDC_WD5000AAJS-00YFA0 rev.12.01C02 465,76GB Running: 53sugij0.exe; Driver: C:\DOCUME~1\anna\USTAWI~1\Temp\pxtdipow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAD4FCA9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAD4FD57A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xAD54185D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xAD5095C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAD509610] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAD5097AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xAD541211] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xAD509532] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xAD509654] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAD50957A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xAD4FDAB0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xAD509764] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAD4FE368] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAD4FCB02] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xAD541F23] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAD5421D9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAD501B3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAD541D8E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAD541BF9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xAD4FC6EE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xAD8457A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAD4FCB68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAD501F32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAD4FEE50] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xAD5095EE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAD509632] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAD5097CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xAD54156D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xAD509558] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xAD501436] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xAD5096E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAD5095A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xAD50181E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xAD509788] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xAD845546] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xAD541A74] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xAD4FECC4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAD5418C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAD4FE81A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xAD8534F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xAD540857] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAD4FCBCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAD4FCC34] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xAD4FE1E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAD4FC788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAD4FC95A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xAD54202A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAD4FC8E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAD4FE532] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xAD4FE694] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAD4FC9E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAD4FE020] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xAD4FE1C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xAD4FCC9A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAD4FD5D6] INT 0x62 ? 8A989CC8 INT 0x73 ? 8A989CC8 INT 0x73 ? 8A989CC8 INT 0x73 ? 8A829F00 INT 0x73 ? 8A989CC8 INT 0xB4 ? 8A829F00 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2F58 80504840 4 Bytes CALL D030F594 .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [CE, CB, 4F, AD, 34, CC, 4F, ...] {INTO ; RETF ; DEC EDI; LODSD ; XOR AL, 0xcc; DEC EDI; LODSD ; LOOP 0xffffffeb; DEC EDI; LODSD } .text ntkrnlpa.exe!ZwCallbackReturn + 306C 80504954 4 Bytes CALL F0FD9921 .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [32, E5, 4F, AD, 94, E6, 4F, ...] {XOR AH, CH; DEC EDI; LODSD ; XCHG ESP, EAX; OUT 0x4f, AL; LODSD ; LOOP 0xffffffd3; DEC EDI; LODSD } .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB7F8D346] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB63AC3C0, 0x95B7EA, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[148] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgidsagent.exe[196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgidsagent.exe[196] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgwdsvc.exe[212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgwdsvc.exe[212] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[324] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[388] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\CTsvcCDA.exe[396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\CTsvcCDA.exe[396] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe[416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe[416] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe[428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe[428] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[460] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[512] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text c:\program files\teamviewer\version9\TeamViewer.exe[564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\program files\teamviewer\version9\TeamViewer.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgnsx.exe[576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgnsx.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\PROGRA~1\AVG\AVG2014\avgrsx.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgcsrvx.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[880] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\SYSTEM32\winlogon.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\SYSTEM32\winlogon.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[924] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[924] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[924] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[924] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[924] USER32.dll!AlignRects 7E362A78 4 Bytes [F0, 28, 8F, 69] .text C:\WINDOWS\system32\services.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgemcx.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgemcx.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1588] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00461FFD C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 004503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1620] KERNEL32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01B10455 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1620] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01B1049D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1620] KERNEL32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01725A06 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1620] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1620] user32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 01E15984 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1620] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01B104C4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1684] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1808] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1940] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\TeamViewer\Version9\tv_w32.exe[2212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TeamViewer\Version9\tv_w32.exe[2212] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\V0420Mon.exe[2464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\V0420Mon.exe[2464] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe[2496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe[2496] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[2532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[2532] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[2556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[2556] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\CTXFIHLP.EXE[2892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\CTXFIHLP.EXE[2892] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[3120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[3120] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[3244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[3244] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3368] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3368] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\CTHELPER.EXE[3412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\CTHELPER.EXE[3412] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[3432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[3432] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[3432] SHELL32.dll!StrStrW 7C9CEF18 8 Bytes [E0, 10, 60, 19, 00, 11, 60, ...] {LOOPNZ 0x12; PUSHA ; SBB [EAX], EAX; ADC [EAX+0x19], ESP} .text C:\Documents and Settings\anna\Moje dokumenty\Downloads\Compressed\Internet Download Manager 6.08.9\Internet Download Manager 6.08.9\Crack\IEMonitor.exe[3548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\anna\Moje dokumenty\Downloads\Compressed\Internet Download Manager 6.08.9\Internet Download Manager 6.08.9\Crack\IEMonitor.exe[3548] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3552] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3576] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe[3624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe[3624] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[3916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[3916] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[4024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[4024] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[4236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[4236] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Real\RealPlayer\update\realsched.exe[4236] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[4252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[4252] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgui.exe[4508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVG\AVG2014\avgui.exe[4508] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[4516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[4516] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[4584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[4584] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4816] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\anna\Dane aplikacji\Adobe\Playpanel\Adobe Playpanel.exe[4820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\anna\Dane aplikacji\Adobe\Playpanel\Adobe Playpanel.exe[4820] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[5020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[5020] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe[5768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe[5768] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\anna\Moje dokumenty\Downloads\Programs\53sugij0.exe[6008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\anna\Moje dokumenty\Downloads\Programs\53sugij0.exe[6008] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\anna\Moje dokumenty\Downloads\Compressed\Internet Download Manager 6.08.9\Internet Download Manager 6.08.9\Crack\IDMan.exe[6108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\anna\Moje dokumenty\Downloads\Compressed\Internet Download Manager 6.08.9\Internet Download Manager 6.08.9\Crack\IDMan.exe[6108] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[6116] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[6116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[6116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[6116] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[6116] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[6116] USER32.dll!AlignRects 7E362A78 4 Bytes [F0, 28, 8F, 69] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[948] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[948] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8A9881F8 Device \FileSystem\Udfs \UdfsCdRom 888291F8 Device \FileSystem\Udfs \UdfsDisk 888291F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{08EBD46C-F7F4-4DD6-872E-198443930753} 8896C1F8 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys Device \Driver\usbohci \Device\USBPDO-0 8A820430 Device \Driver\usbehci \Device\USBPDO-1 8A81F430 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys AttachedDevice \Driver\Tcpip \Device\Tcp idmtdi.sys Device \Driver\Cdrom \Device\CdRom0 8A7DA1F8 Device \Driver\atapi \Device\Ide\IdePort0 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 8A7DA1F8 Device \Driver\usbstor \Device\00000080 8893A1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8896C1F8 Device \Driver\usbstor \Device\00000077 8893A1F8 Device \Driver\NetBT \Device\NetbiosSmb 8896C1F8 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.sys AttachedDevice \Driver\Tcpip \Device\Udp idmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.sys AttachedDevice \Driver\Tcpip \Device\RawIp idmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys Device \Driver\usbohci \Device\USBFDO-0 8A820430 Device \Driver\usbehci \Device\USBFDO-1 8A81F430 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 889401F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 889401F8 Device \Driver\usbstor \Device\0000007d 8893A1F8 Device \Driver\usbstor \Device\0000007e 8893A1F8 Device \Driver\usbstor \Device\0000007f 8893A1F8 Device \FileSystem\Cdfs \Cdfs 888241F8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0x0D 0xF9 0xA3 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x43 0x2B 0x96 0x34 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0xD6 0xB1 0x4D ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC7 0x5C 0x10 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@f0cba1bb0bfc 0x37 0x10 0xE5 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0xFF 0xF9 0x6C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBE 0xB9 0xC0 0xE3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6B 0x89 0x2E 0x61 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x58 0x43 0x9F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x38 0x1F 0x32 0xEC ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0015833d0a57 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0015833d0a57@f0cba1bb0bfc 0x37 0x10 0xE5 0x80 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0xFF 0xF9 0x6C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBE 0xB9 0xC0 0xE3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6B 0x89 0x2E 0x61 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x58 0x43 0x9F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x38 0x1F 0x32 0xEC ... Reg HKLM\SOFTWARE\Classes\CLSID\{1b97b407-a789-403c-90e7-6d95d7490cd8}@Model 270 Reg HKLM\SOFTWARE\Classes\CLSID\{1b97b407-a789-403c-90e7-6d95d7490cd8}@Therad 30 Reg HKLM\SOFTWARE\Classes\CLSID\{1b97b407-a789-403c-90e7-6d95d7490cd8}@MData 0x2B 0x8F 0x78 0x29 ... Reg HKLM\SOFTWARE\Classes\CLSID\{375b3082-76b4-439b-9729-0f23f72439ec}@Model 157 Reg HKLM\SOFTWARE\Classes\CLSID\{375b3082-76b4-439b-9729-0f23f72439ec}@Therad 22 Reg HKLM\SOFTWARE\Classes\CLSID\{375b3082-76b4-439b-9729-0f23f72439ec}@MData 0x48 0x69 0xD8 0x22 ... Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x11 0x20 0x1E 0xDF ... Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xDC 0x57 0x20 0xBE ... ---- EOF - GMER 2.1 ----