GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-13 22:01:54
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST31000524AS rev.JC4B 931,51GB
Running: jj12qdti.exe; Driver: C:\Users\pc\AppData\Local\Temp\uglcraoc.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwCreateSection [0xE4FA87E8]
SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwCreateThread [0xE4FA896C]
SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwCreateThreadEx [0xE4FA89FA]
SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwMakeTemporaryObject [0xE4FA875E]
SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwQueueApcThread [0xE4FA8A8A]
SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwQueueApcThreadEx [0xE4FA8B1A]
SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwSetContextThread [0xE4FA8BAA]
SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwSetSystemInformation [0xE4FA52A8]
SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwSetSystemTime [0xE4FA545E]
SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwUnmapViewOfSection [0xE4FA86D0]
SSDT \??\C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys ZwWriteVirtualMemory [0xE4FA698A]
INT 0x51 ? C399B2D8
INT 0x52 ? C399BA58
INT 0x61 ? C399B558
INT 0x62 ? C399BCD8
INT 0x72 ? C332D058
INT 0xA2 ? C332D2D8
INT 0xB1 ? C332DCD8
INT 0xB2 ? C4194CD8

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D E3677A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E36B1212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 E36B858C 4 Bytes [E8, 87, FA, E4]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 E36B8598 8 Bytes [6C, 89, FA, E4, FA, 89, FA, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1337 E36B86CC 4 Bytes [5E, 87, FA, E4]
.text ntkrnlpa.exe!KeRemoveQueueEx + 14DB E36B8870 8 Bytes [8A, 8A, FA, E4, 1A, 8B, FA, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 E36B892C 4 Bytes [AA, 8B, FA, E4]
.text ...
? System32\Drivers\sphp.sys System nie może odnaleźć określonej ścieżki. !
? C:\Users\pc\AppData\Local\Temp\A2FFE6FB.sys Nie można odnaleźć określonego pliku. !
? C:\Users\pc\AppData\Local\Temp\A3F4D53A.sys Nie można odnaleźć określonego pliku. !
? \Program Files\DAEMON Tools Lite\Engine.dll System nie może odnaleźć określonej ścieżki. !

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\services.exe[576] services.exe 009C1608 4 Bytes [E0, 2B, 1E, 73]
.text C:\Windows\system32\services.exe[576] services.exe 009C1618 4 Bytes [00, 2E, 1E, 73]
.text C:\Windows\system32\services.exe[576] services.exe 009C1624 4 Bytes [10, 31, 1E, 73]
.text C:\Windows\system32\services.exe[576] services.exe 009C1638 4 Bytes [30, 2B, 1E, 73]
.text C:\Windows\system32\services.exe[576] services.exe 009C1648 4 Bytes [90, 2C, 1E, 73]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[3348] ntdll.dll!NtCreateFile 77C25608 5 Bytes JMP 58B79AE0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] ntdll.dll!NtFlushBuffersFile 77C25998 5 Bytes JMP 58B5C434 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] ntdll.dll!NtQueryFullAttributesFile 77C26028 5 Bytes JMP 58B5C150 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] ntdll.dll!NtReadFile 77C262F8 5 Bytes JMP 58B5C330 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] ntdll.dll!NtReadFileScatter 77C26308 5 Bytes JMP 5957F60F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] ntdll.dll!NtWriteFile 77C26AA8 5 Bytes JMP 58B7A9F0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] ntdll.dll!NtWriteFileGather 77C26AB8 5 Bytes JMP 5957F5BE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] ntdll.dll!LdrLoadDll 77C422AE 5 Bytes JMP 63B01F42 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] kernel32.dll!CopyFileExW 76B2B280 6 Bytes JMP 71AF000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] kernel32.dll!MoveFileWithProgressW 76B38DD4 6 Bytes JMP 71A8000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76B3941E 7 Bytes JMP 594A4AA0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] kernel32.dll!QueryPerformanceCounter + 13 76B3C425 7 Bytes JMP 594A4AC3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] kernel32.dll!LoadAppInitDlls + 355 76B3F4E6 7 Bytes JMP 58B763D0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program 
Files\Mozilla Firefox\firefox.exe[3348] kernel32.dll!MoveFileWithProgressA 76B53F88 6 Bytes JMP 71A5000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] USER32.dll!GetWindowInfo 76364B5E 5 Bytes JMP 5939B991 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3348] GDI32.dll!GetViewportOrgEx + 26C 7687884B 7 Bytes JMP 594A4A21 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3432] kernel32.dll!SetUnhandledExceptionFilter 76B3F4EB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Users\pc\AppData\Roaming\Spotify\spotify.exe[3444] ntdll.dll!DbgBreakPoint 77C14108 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4372] USER32.dll!RegisterMessagePumpHook + 2F1 76358B9E 7 Bytes JMP 58E40102 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4372] USER32.dll!IsDialogMessageW + 340 76364444 7 Bytes JMP 58E40173 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4372] USER32.dll!GetWindowInfo 76364B5E 5 Bytes JMP 58E4261E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4372] USER32.dll!ToUnicodeEx + 71 76372223 7 Bytes JMP 58E3D8F6 C:\Program Files\Mozilla Firefox\xul.dll CODE C:\Users\pc\AppData\Roaming\System32\svchost.exe[4492] C:\Users\pc\AppData\Roaming\System32\svchost.exe entry point in "CODE" section [0x00419BC4] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtCreateFile + 6 77C2560E 4 Bytes [28, 60, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtCreateFile + B 77C25613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtCreateKey + 6 77C2564E 4 Bytes [68, 61, 17, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtCreateKey + B 77C25653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtCreateMutant + 6 77C2568E 4 Bytes [68, 62, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtCreateMutant + B 77C25693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtCreateSection + 6 77C2572E 4 Bytes [A8, 62, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtCreateSection + B 77C25733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtMapViewOfSection + 6 77C25C6E 4 Bytes CALL 76C273D7 C:\Windows\system32\ole32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtMapViewOfSection + B 77C25C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenFile + 6 77C25D1E 4 Bytes [68, 60, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenFile + B 77C25D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenKey + 6 77C25D4E 4 Bytes [A8, 61, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenKey + B 77C25D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenKeyEx + 6 77C25D5E 4 Bytes CALL 76C274C4 C:\Windows\system32\ole32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenKeyEx + B 77C25D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenMutant + 6 77C25D9E 4 Bytes [28, 62, 17, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenMutant + B 77C25DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenProcess + 6 77C25DCE 4 Bytes [68, 63, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenProcess + B 77C25DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenProcessToken + 6 77C25DDE 4 Bytes [A8, 63, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenProcessToken + B 77C25DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenProcessTokenEx + 6 77C25DEE 4 Bytes [68, 64, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenProcessTokenEx + B 77C25DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenSection + 6 77C25E0E 4 Bytes CALL 76C27575 C:\Windows\system32\ole32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenSection + B 77C25E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenThread + 6 77C25E4E 4 Bytes [28, 63, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenThread + B 77C25E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenThreadToken + 6 77C25E5E 4 Bytes [28, 64, 17, 00] {SUB [EDI+EDX+0x0], AH} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenThreadToken + B 77C25E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenThreadTokenEx + 6 77C25E6E 4 Bytes [A8, 64, 17, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtOpenThreadTokenEx + B 77C25E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtQueryAttributesFile + 6 77C25F7E 4 Bytes [A8, 60, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtQueryAttributesFile + B 77C25F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtQueryFullAttributesFile + 6 77C2602E 4 Bytes CALL 76C27793 C:\Windows\system32\ole32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtQueryFullAttributesFile + B 77C26033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtSetInformationFile + 6 77C2667E 4 Bytes [28, 61, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtSetInformationFile + B 77C26683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtSetInformationThread + 6 77C266DE 4 Bytes CALL 76C27E46 C:\Windows\system32\ole32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtSetInformationThread + B 77C266E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtUnmapViewOfSection + 6 77C269FE 4 Bytes [28, 65, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ntdll.dll!NtUnmapViewOfSection + B 77C26A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] kernel32.dll!CreateProcessW 76AF204D 5 Bytes JMP 00180030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] kernel32.dll!CreateProcessA 76AF2082 5 Bytes JMP 00180070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] 
user32.DLL!ActivateKeyboardLayout 76358203 5 Bytes JMP 003304F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!ScreenToClient 7635A506 7 Bytes JMP 00330670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!RegisterClipboardFormatA 7635C091 5 Bytes JMP 003302F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!RegisterClipboardFormatW 7635DF8D 5 Bytes JMP 003302B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!SetCursor 76363075 5 Bytes JMP 00330530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!MonitorFromWindow 76363622 7 Bytes JMP 00330630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!PostMessageW 7636447B 5 Bytes JMP 003305F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!IsWindowVisible 76364D69 7 Bytes JMP 003306B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetClientRect 763654DD 7 Bytes JMP 003305B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!MapWindowPoints 76365CAA 5 Bytes JMP 00330570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetParent 76366029 7 Bytes JMP 003306F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!EmptyClipboard 7637290C 5 Bytes JMP 00330130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!SetClipboardData 76372962 5 Bytes JMP 00330170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetClipboardData 76372BA7 5 Bytes JMP 00330030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetClipboardFormatNameW 76375FD2 5 Bytes JMP 00330230 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!SetClipboardViewer 76376FF6 5 Bytes JMP 003304B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetClipboardFormatNameA 7637700A 5 Bytes JMP 00330270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!ChangeClipboardChain 7638147C 5 Bytes JMP 00330430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetTopWindow 763824D9 7 Bytes JMP 00330730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!CloseClipboard 7638446C 5 Bytes JMP 003300B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!OpenClipboard 7638447E 5 Bytes JMP 00330070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!IsClipboardFormatAvailable 763844FF 5 Bytes JMP 003300F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetClipboardSequenceNumber 76384513 5 Bytes JMP 00330330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetClipboardOwner 76384525 5 Bytes JMP 00330370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!CountClipboardFormats 7638470A 5 Bytes JMP 003301F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!EnumClipboardFormats 763847EC 5 Bytes JMP 003301B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetOpenClipboardWindow 7638480B 5 Bytes JMP 003303F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!SetCursorPos 7639C1B0 5 Bytes JMP 00330770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetClipboardViewer 763B4AF7 5 Bytes JMP 00330470 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] user32.DLL!GetPriorityClipboardFormat 763B4BF9 5 Bytes JMP 003303B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!DeleteObject 76875F14 5 Bytes JMP 003401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SelectObject 76876640 5 Bytes JMP 003405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SetTextColor 76876906 5 Bytes JMP 00340A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SetBkMode 768769B1 5 Bytes JMP 003408F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!DeleteDC 76876EAA 5 Bytes JMP 00340170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetDeviceCaps 76876F7F 5 Bytes JMP 003403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!ExtSelectClipRgn 76877114 5 Bytes JMP 003402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SelectClipRgn 76877242 5 Bytes JMP 003405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SetStretchBltMode 76877705 5 Bytes JMP 003406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetCurrentObject 76877917 5 Bytes JMP 00340370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetTextMetricsW 76877B8F 5 Bytes JMP 00340E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetTextAlign 76877DAF 5 Bytes JMP 00340D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!IntersectClipRect 76877DFE 5 Bytes JMP 003403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!ExtTextOutW 76878192 5 
Bytes JMP 00340970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SetTextAlign 7687828E 5 Bytes JMP 003409F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetClipBox 76878525 5 Bytes JMP 00340330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!MoveToEx 76878C21 5 Bytes JMP 00340470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!StretchDIBits 7687A53E 5 Bytes JMP 00340770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!RestoreDC 7687A67B 5 Bytes JMP 00340530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SaveDC 7687A74B 5 Bytes JMP 00340570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetTextExtentPoint32W 7687B4B5 5 Bytes JMP 00340670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetTextFaceW 7687B73A 2 Bytes JMP 00340D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetTextFaceW + 3 7687B73D 2 Bytes [AC, 89] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetFontData 7687BCC4 5 Bytes JMP 00340C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SetWorldTransform 7687C90A 5 Bytes JMP 003406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!CreateDCA 7687CCA9 5 Bytes JMP 003400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!CreateDCW 7687CF79 5 Bytes JMP 003400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!CreateICW 7687CFD0 5 Bytes JMP 00340130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetTextMetricsA 7687D0F2 5 Bytes JMP 
00340DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!Rectangle 7687F1FF 5 Bytes JMP 003409B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!LineTo 7687F59B 5 Bytes JMP 00340430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SetICMMode 7687FAA4 5 Bytes JMP 00340DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!ExtTextOutA 76880D20 5 Bytes JMP 00340930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetTextExtentPoint32A 7688117F 5 Bytes JMP 00340630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!ExtEscape 76882D49 5 Bytes JMP 003402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!Escape 76883400 5 Bytes JMP 00340270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!ResetDCW 76883A9B 5 Bytes JMP 00340AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!EndPage 768840DA 5 Bytes JMP 00340230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SetPolyFillMode 768867E1 5 Bytes JMP 00340B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SetMiterLimit 7688699D 5 Bytes JMP 00340B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetTextFaceA 76890D22 5 Bytes JMP 00340CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!GetGlyphOutlineW 7689C2DA 5 Bytes JMP 00340CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!CreateScalableFontResourceW 7689E937 5 Bytes JMP 00340BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!AddFontResourceW 7689ED33 5 Bytes 
JMP 00340BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!RemoveFontResourceW 7689F229 5 Bytes JMP 00340C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!AbortDoc 768A4E29 5 Bytes JMP 00340030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!EndDoc 768A5270 5 Bytes JMP 003401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!StartPage 768A535B 5 Bytes JMP 00340730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!StartDocW 768A5D76 5 Bytes JMP 003407F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!BeginPath 768A651D 5 Bytes JMP 00340830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!SelectClipPath 768A6574 5 Bytes JMP 00340AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!CloseFigure 768A65CF 5 Bytes JMP 00340070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!EndPath 768A6626 5 Bytes JMP 00340A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!StrokePath 768A6859 5 Bytes JMP 003407B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!FillPath 768A68E6 5 Bytes JMP 00340870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!PolylineTo 768A6D54 5 Bytes JMP 003404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!PolyBezierTo 768A6DE5 5 Bytes JMP 003404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] GDI32.dll!PolyDraw 768A6E97 5 Bytes JMP 003408B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ole32.dll!OleSetClipboard 76C30045 5 Bytes JMP 00360030 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ole32.dll!OleIsCurrentClipboard 76C336B2 5 Bytes JMP 00360070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4812] ole32.dll!OleGetClipboard 76C5FDCD 5 Bytes JMP 003600B0 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745024CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744E562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744E56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74502546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744F85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744F4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744F5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744F51DA] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744F6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744F8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744F8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744F90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744FE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744F4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs C256A1F8 AttachedDevice \FileSystem\Ntfs \Ntfs A2FFE6FB.sys Device \FileSystem\fastfat \FatCdrom C4994500 Device \Driver\USBSTOR \Device\0000008e C56021F8 Device \Driver\volmgr \Device\VolMgrControl C25661F8 Device \Driver\usbehci \Device\USBPDO-0 C382E1F8 Device \Driver\usbehci \Device\USBPDO-1 C382E1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{133E055B-9495-43BF-AA97-1628247D128E} C36981F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{1FD6EE1B-B33F-4D82-BB17-52355E42FFC5} C36981F8 Device 
\FileSystem\458717F0C8F21B0A \Device\458717F0C8F21B0A A2FFE6FB.sys Device \Driver\PCI_PNP5005 \Device\00000055 sphp.sys Device \Driver\PCI_PNP5005 \Device\00000055 sphp.sys AttachedDevice \Driver\tdx \Device\Tcp A2FFE6FB.sys Device \Driver\volmgr \Device\HarddiskVolume1 C25661F8 Device \Driver\volmgr \Device\HarddiskVolume2 C25661F8 Device \Driver\cdrom \Device\CdRom0 C35C31F8 Device \Driver\volmgr \Device\HarddiskVolume3 C25661F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 C25681F8 Device \Driver\atapi \Device\Ide\IdePort0 C25681F8 Device \Driver\atapi \Device\Ide\IdePort1 C25681F8 Device \Driver\atapi \Device\Ide\IdePort2 C25681F8 Device \Driver\atapi \Device\Ide\IdePort3 C25681F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 C25681F8 Device \Driver\cdrom \Device\CdRom1 C35C31F8 Device \Driver\volmgr \Device\HarddiskVolume6 C25661F8 Device \Driver\NetBT \Device\NetBt_Wins_Export C36981F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{AD2A0145-81A7-4827-8301-BA541C65CFC8} C36981F8 AttachedDevice \Driver\tdx \Device\Udp A2FFE6FB.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{B02C7331-5C60-437A-A427-0D600400579E} C36981F8 AttachedDevice \Driver\tdx \Device\RawIp A2FFE6FB.sys Device \Driver\usbehci \Device\USBFDO-0 C382E1F8 Device \Driver\usbehci \Device\USBFDO-1 C382E1F8 Device \Driver\a1eto8hw \Device\Scsi\a1eto8hw1Port4Path0Target0Lun0 C373C500 Device \Driver\a1eto8hw \Device\Scsi\a1eto8hw1 C373C500 Device \Driver\USBSTOR \Device\0000008d C56021F8 Device \Driver\sptd \Device\2377427005 sphp.sys Device \FileSystem\fastfat \Fat C4994500 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys AttachedDevice \FileSystem\fastfat \Fat A2FFE6FB.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0xc25681f8]<< c25681f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xc33fa030] c33fa030 Trace 3 CLASSPNP.SYS[c918d59e] -> nt!IofCallDriver -> [0xc328d918] c328d918 
Trace 5 ACPI.sys[c89bf3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xc32ce030] c32ce030 Trace \Driver\atapi[0xc32cd030] -> IRP_MJ_CREATE -> 0xc25681f8 c25681f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????st??S31B0808 USB DISK USB Device????usb\vid_0e8f&pid_0003????????????e????????????I\????Samsung M3 Portable USB Device???????????????????????????????????I??????????????????????????????????????????????{5ece638d-a170-11e3-8dfd-14dae9b32177}?????????????????????,?,??{745a17a0-74d3-11d0-b6fe-00a0c90f57da}?????????????????????s????????????????????@%systemroot%\system32\rascfg.dll,-32002????@disk.inf,%genmanufacturer%;(Standardowe stacje dysk?w)?,*??acpi.inf_x86_neutral_ddd3c514822f1b21?????????????????????????????N??????.????Dtan??????????????????????v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\program files\duelofchampions\mmdoc-pdclive\gamedata\game.exe|Name=Might & Magic : Duel of Champions|Desc=Might & Magic : Duel of Champions|?D9???&???????z???????????????????????&???????3???????????????????9???&???????o???????????????????????&???????t???????????????????????????????|??? ??@volume.inf,%storage\volume.devicedesc%;Wolumin uniwersalny?82????^??????t???????t??? ??????????????????sys Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB1 0x7C 0xF3 0x63 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0xAE 0x14 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xED 0x9F 0x39 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB1 0x7C 0xF3 0x63 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0xAE 0x14 0x0A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xED 0x9F 0x39 0x02 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 2409 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Program Files\ChomikPobrane\FarCry 3 \x2013 Black Box (SilverTorrent)\Setup.exe 1 ---- Files - GMER 2.1 ---- File C:\Users\pc\AppData\Local\Mozilla\Firefox\Profiles\dw3u2l0v.default-1407754046384\cache2\doomed\553 14095 bytes File C:\Users\pc\AppData\Local\Mozilla\Firefox\Profiles\dw3u2l0v.default-1407754046384\cache2\entries\E3C498FAB25B19DAA97A18BB5B07741DCF065CC6 6727 bytes ---- EOF - GMER 2.1 ----