GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-04 14:00:43 Windows 6.1.7264 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD2500KS-00MJB0 rev.02.01C03 232,88GB Running: uj4jlwy3.exe; Driver: C:\Users\msti\AppData\Local\Temp\aftciaoc.sys ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83095579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\spqb.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EE22000, 0x227A14, 0xE8000020] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateFile + 6 772B4A16 4 Bytes [28, 18, 3A, 00] {SUB [EAX], BL; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateFile + B 772B4A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + 6 772B5076 4 Bytes [28, 1B, 3A, 00] {SUB [EBX], BL; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + B 772B507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenFile + 6 772B5126 4 Bytes [68, 18, 3A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenFile + B 772B512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcess + 6 772B51D6 4 Bytes [A8, 19, 3A, 00] {TEST AL, 0x19; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcess + B 772B51DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessToken + B 772B51EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessTokenEx + 6 772B51F6 4 Bytes [A8, 1A, 3A, 00] {TEST AL, 0x1a; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessTokenEx + B 772B51FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThread + 6 772B5256 4 Bytes [68, 19, 3A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThread + B 772B525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadToken + 6 772B5266 4 Bytes [68, 1A, 3A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadToken + B 772B526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadTokenEx + B 772B527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryAttributesFile + 6 772B5386 4 Bytes [A8, 18, 3A, 00] {TEST AL, 0x18; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryAttributesFile + B 772B538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryFullAttributesFile + B 772B543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationFile + 6 772B5A86 4 Bytes [28, 19, 3A, 00] {SUB [ECX], BL; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationFile + B 772B5A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationThread + 6 772B5AE6 4 Bytes [28, 1A, 3A, 00] {SUB [EDX], BL; CMP AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationThread + B 772B5AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + 6 772B5E06 4 Bytes [68, 1B, 3A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + B 772B5E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtCreateFile + 6 772B4A16 4 Bytes [28, 30, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtCreateFile + B 772B4A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtMapViewOfSection + 6 772B5076 4 Bytes [28, 33, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtMapViewOfSection + B 772B507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenFile + 6 772B5126 4 Bytes [68, 30, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenFile + B 772B512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcess + 6 772B51D6 4 Bytes [A8, 31, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcess + B 772B51DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcessToken + B 772B51EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcessTokenEx + 6 772B51F6 4 Bytes [A8, 32, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcessTokenEx + B 772B51FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThread + 6 772B5256 4 Bytes [68, 31, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThread + B 772B525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThreadToken + 6 772B5266 4 Bytes [68, 32, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThreadToken + B 772B526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThreadTokenEx + B 772B527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtQueryAttributesFile + 6 772B5386 4 Bytes [A8, 30, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtQueryAttributesFile + B 772B538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtQueryFullAttributesFile + B 772B543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtSetInformationFile + 6 772B5A86 4 Bytes [28, 31, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtSetInformationFile + B 772B5A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtSetInformationThread + 6 772B5AE6 4 Bytes [28, 32, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtSetInformationThread + B 772B5AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtUnmapViewOfSection + 6 772B5E06 4 Bytes [68, 33, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtUnmapViewOfSection + B 772B5E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtCreateFile + 6 772B4A16 4 Bytes [28, 68, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtCreateFile + B 772B4A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtMapViewOfSection + 6 772B5076 4 Bytes [28, 6B, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtMapViewOfSection + B 772B507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenFile + 6 772B5126 4 Bytes [68, 68, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenFile + B 772B512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenProcess + 6 772B51D6 4 Bytes [A8, 69, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenProcess + B 772B51DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenProcessToken + B 772B51EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenProcessTokenEx + 6 772B51F6 4 Bytes [A8, 6A, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenProcessTokenEx + B 772B51FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenThread + 6 772B5256 4 Bytes [68, 69, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenThread + B 772B525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenThreadToken + 6 772B5266 4 Bytes [68, 6A, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenThreadToken + B 772B526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenThreadTokenEx + B 772B527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtQueryAttributesFile + 6 772B5386 4 Bytes [A8, 68, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtQueryAttributesFile + B 772B538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtQueryFullAttributesFile + B 772B543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtSetInformationFile + 6 772B5A86 4 Bytes [28, 69, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtSetInformationFile + B 772B5A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtSetInformationThread + 6 772B5AE6 4 Bytes [28, 6A, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtSetInformationThread + B 772B5AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtUnmapViewOfSection + 6 772B5E06 4 Bytes [68, 6B, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtUnmapViewOfSection + B 772B5E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + 6 772B5076 4 Bytes [18, 00, DA, 6C] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + B 772B507B 1 Byte [E2] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7405250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74052494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74035624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740356E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74048573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74044D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740450CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740451A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [740466D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740482CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74048819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7404907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7404E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74044C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7264.0_none_52ed4ec104c5e3d9\gdiplus.dll ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 852791F8 Device \FileSystem\fastfat \FatCdrom 872881F8 Device \Driver\volmgr \Device\VolMgrControl 852751F8 Device \Driver\usbuhci \Device\USBPDO-0 863011F8 Device \Driver\usbuhci \Device\USBPDO-1 863011F8 Device \Driver\usbuhci \Device\USBPDO-2 863011F8 Device \Driver\usbehci \Device\USBPDO-3 862E6500 Device \Driver\usbuhci \Device\USBPDO-4 863011F8 Device \Driver\usbuhci \Device\USBPDO-5 863011F8 Device \Driver\usbuhci \Device\USBPDO-6 863011F8 Device \Driver\volmgr \Device\HarddiskVolume1 852751F8 Device \Driver\usbehci \Device\USBPDO-7 862E6500 Device \Driver\volmgr \Device\HarddiskVolume2 852751F8 Device \Driver\cdrom \Device\CdRom0 861B4500 Device \Driver\USBSTOR \Device\00000065 861EB1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 852771F8 Device \Driver\atapi \Device\Ide\IdePort0 852771F8 Device \Driver\atapi \Device\Ide\IdePort1 852771F8 Device \Driver\atapi \Device\Ide\IdePort2 852771F8 Device \Driver\atapi \Device\Ide\IdePort3 852771F8 Device \Driver\atapi \Device\Ide\IdePort4 852771F8 Device \Driver\atapi \Device\Ide\IdePort5 852771F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 852771F8 Device \Driver\USBSTOR \Device\00000066 861EB1F8 Device \Driver\volmgr \Device\HarddiskVolume3 852751F8 Device \Driver\cdrom \Device\CdRom1 861B4500 Device \Driver\USBSTOR \Device\00000067 861EB1F8 Device \Driver\volmgr \Device\HarddiskVolume4 852751F8 Device \Driver\cdrom \Device\CdRom2 861B4500 Device \Driver\USBSTOR \Device\00000068 861EB1F8 Device \Driver\volmgr \Device\HarddiskVolume5 852751F8 Device \Driver\USBSTOR \Device\00000069 861EB1F8 Device \Driver\volmgr \Device\HarddiskVolume6 852751F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86248500 Device \Driver\PCI_PNP9296 \Device\0000004a spqb.sys Device \Driver\usbuhci \Device\USBFDO-0 863011F8 Device \Driver\sptd \Device\1720897297 spqb.sys Device \Driver\usbuhci \Device\USBFDO-1 863011F8 Device \Driver\usbuhci \Device\USBFDO-2 863011F8 Device \Driver\usbehci \Device\USBFDO-3 862E6500 Device \Driver\usbuhci \Device\USBFDO-4 863011F8 Device \Driver\usbuhci \Device\USBFDO-5 863011F8 Device \Driver\usbuhci \Device\USBFDO-6 863011F8 Device \Driver\usbehci \Device\USBFDO-7 862E6500 Device \Driver\NetBT \Device\NetBT_Tcpip_{E01E36C2-8B5E-4B98-9686-A4E1D24E5F15} 86248500 Device \Driver\any2hia8 \Device\Scsi\any2hia81Port6Path0Target0Lun0 8634E2F8 Device \Driver\any2hia8 \Device\Scsi\any2hia81Port6Path0Target1Lun0 8634E2F8 Device \Driver\any2hia8 \Device\Scsi\any2hia81 8634E2F8 Device \FileSystem\fastfat \Fat 872881F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.2 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x852771f8]<< 852771f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860ec030] 860ec030 Trace 3 CLASSPNP.SYS[8959859e] -> nt!IofCallDriver -> [0x85ff5918] 85ff5918 Trace 5 ACPI.sys[837993b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x86018030] 86018030 Trace \Driver\atapi[0x85feee80] -> IRP_MJ_CREATE -> 0x852771f8 852771f8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x15 0x22 0x1D 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x7B 0x7D 0x35 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF9 0xA4 0x4B 0x5B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDF 0x7D 0x54 0xA9 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x15 0x22 0x1D 0x1F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x7B 0x7D 0x35 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF9 0xA4 0x4B 0x5B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF9 0xA4 0x4B 0x5B ... ---- EOF - GMER 2.2 ----