GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-20 15:56:40
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500BEVE-00WZT0 rev.01.01A01
Running: tyj2rgek.exe; Driver: C:\DOCUME~1\Komputer\USTAWI~1\Temp\kxtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwAddBootEntry [0xA96A6724]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xA967A610]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwConnectPort [0xA96A7D04]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwCreateKey [0xA96A727E]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwCreateSection [0xA96A7920]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwCreateThread [0xA96A5CF4]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xA967AC10]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwDeleteBootEntry [0xA96A67A8]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwDeleteFile [0xA96A6F16]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwDeviceIoControlFile [0xA96A5DC8]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xA967A730]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwFsControlFile [0xA96A6EB6]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwImpersonateClientOfPort [0xA96A6E72]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwImpersonateThread [0xA96A6E24]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwLoadDriver [0xA96A7608]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwMapViewOfSection [0xA96A715C]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwModifyBootEntry [0xA96A6766]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xA967A4B0]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwOpenSection [0xA96A7712]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xA967A570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xA967A6D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xA967A790]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwReplaceKey [0xA96A68F4]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwRequestWaitReplyPort [0xA96A8C24]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwRestoreKey [0xA96A682C]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSecureConnectPort [0xA96A7E08]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetBootOptions [0xA96A67EA]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xA967A690]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetInformationFile [0xA96A6F7A]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xA967A650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xA967A7D0]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetSystemInformation [0xA96A6044]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwShutdownSystem [0xA96A66D2]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xA967A510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xA967A590]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSystemDebugControl [0xA96A6280]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xA967A4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xA967A5D0]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA8DF775C]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xA967A750]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 26D4 80501F0C 8 Bytes JMP 90A96A67
.text ntkrnlpa.exe!ZwCallbackReturn + 2778 80501FB0 12 Bytes [10, A5, 67, A9, 90, A5, 67, ...]
.Shltr1 C:\Program Files\SpyShelter Personal Free\SpyShelter.sys entry point in ".Shltr1" section [0xA96DF018] .text win32k.sys!EngAcquireSemaphore + 20EE BF8082C7 5 Bytes JMP A969B850 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP A969D2E0 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngFreeUserMem + 5BD5 BF80EE53 5 Bytes JMP A969BA76 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP A9699882 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP A96995D2 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP A969A020 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngCreateBitmap + 2C65 BF82A6F3 5 Bytes JMP A969A516 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP A969A5CE \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngUnmapFontFileFD + 43FD BF832C22 5 Bytes JMP A969B756 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP A9699806 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP A96994E2 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!XLATEOBJ_iXlate + 2EDB BF85DC2E 5 Bytes JMP A969B8B6 \??\C:\Program 
Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP A9699106 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP A969A6B0 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngCreateDeviceSurface + 2767 BF86E5CD 5 Bytes JMP A96A48CE \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngGetCurrentCodePage + 77AA BF877372 5 Bytes JMP A969AA30 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP A969A944 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP A969B164 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP A969A188 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP A9699428 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP A969B03A \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP A969967E \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP A96998EA \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP A9699D18 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter 
Driver/SpyShelter) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP A9699EFA \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP A9699BC8 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP A969AACC \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngCreateClip + 4913 BF91649A 5 Bytes JMP A9699258 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) .text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP A969A0F0 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[348] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027000 C:\Program Files\SpyShelter Personal Free\klhelper.dll ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 01018DB0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 01018D60 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01014BF0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01015CC0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 01017AB0 IAT 
C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01016360 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01015FA0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 010170B0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 01018AC0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 01018B00 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 01018E40 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 01018970 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 01017A10 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 01016940 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01016230 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 01016680 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 010193C0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 01017400 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 01017870 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ 
C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 01017F70 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 01017CC0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 01017EF0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 01018430 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 01018120 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01016100 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 010167F0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 01018B80 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 01017E40 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 010179B0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 01017830 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 01017BC0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 01018E60 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 01017C00 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 01019100 IAT 
C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 010190A0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 010192F0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 01019390 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 010191C0 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{F5F9B44C-528A-26D3-B2CE-1730ACC8FD16}\culo@ LcHTo^t_tQWAoCHZN|?P{ Reg HKLM\SOFTWARE\Classes\CLSID\{F5F9B44C-528A-26D3-B2CE-1730ACC8FD16}\nuYscBt@ g~~XmG@XJ}k\MpfDjPuIVp Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E@BaseClass Drive Reg 
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\_Autorun Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\_Autorun\DefaultIcon Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{019e6116-f469-11de-9086-00166fca6027} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{019e6116-f469-11de-9086-00166fca6027}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{019e6116-f469-11de-9086-00166fca6027}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a2e470-3292-11de-8dec-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a2e470-3292-11de-8dec-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a2e470-3292-11de-8dec-0016d4c4e6d2}@_AutorunStatus 0x01 0x00 0x01 0x00 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a2e470-3292-11de-8dec-0016d4c4e6d2}\shell Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a2e470-3292-11de-8dec-0016d4c4e6d2}\shell@ None Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a2e470-3292-11de-8dec-0016d4c4e6d2}\shell\Autoplay Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a2e470-3292-11de-8dec-0016d4c4e6d2}\shell\Autoplay@MUIVerb @shell32.dll,-8504 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a2e470-3292-11de-8dec-0016d4c4e6d2}\shell\Autoplay\DropTarget Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13a2e470-3292-11de-8dec-0016d4c4e6d2}\shell\Autoplay\DropTarget@CLSID {f26a669a-bcbb-4e37-abf9-7325da15f931} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d774cc1-ab41-11dd-8bca-806d6172696f} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d774cc1-ab41-11dd-8bca-806d6172696f}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d774cc1-ab41-11dd-8bca-806d6172696f}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e308a07-63f9-11df-ada1-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e308a07-63f9-11df-ada1-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e308a07-63f9-11df-ada1-0016d4c4e6d2}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30323ed2-bd54-11de-8fcd-00166fca6027} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30323ed2-bd54-11de-8fcd-00166fca6027}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30323ed2-bd54-11de-8fcd-00166fca6027}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395cbec7-e6ed-11dd-8cbd-00166fca6027} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395cbec7-e6ed-11dd-8cbd-00166fca6027}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395cbec7-e6ed-11dd-8cbd-00166fca6027}@_AutorunStatus 0x01 0x00 0x01 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395cbec7-e6ed-11dd-8cbd-00166fca6027}\shell Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395cbec7-e6ed-11dd-8cbd-00166fca6027}\shell@ None Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395cbec7-e6ed-11dd-8cbd-00166fca6027}\shell\Autoplay Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395cbec7-e6ed-11dd-8cbd-00166fca6027}\shell\Autoplay@MUIVerb @shell32.dll,-8504 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395cbec7-e6ed-11dd-8cbd-00166fca6027}\shell\Autoplay\DropTarget Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395cbec7-e6ed-11dd-8cbd-00166fca6027}\shell\Autoplay\DropTarget@CLSID {f26a669a-bcbb-4e37-abf9-7325da15f931} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43206faa-3f9a-11de-8e1a-00166fca6027} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43206faa-3f9a-11de-8e1a-00166fca6027}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43206faa-3f9a-11de-8e1a-00166fca6027}@_AutorunStatus 0x01 
0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44c79fcb-4afa-11de-8e49-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44c79fcb-4afa-11de-8e49-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44c79fcb-4afa-11de-8e49-0016d4c4e6d2}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44c79fcb-4afa-11de-8e49-0016d4c4e6d2}@_CommentFromDesktopINI Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{594dc2ee-29c5-11df-9150-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{594dc2ee-29c5-11df-9150-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{594dc2ee-29c5-11df-9150-0016d4c4e6d2}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67001647-e6d2-11dd-8cbc-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67001647-e6d2-11dd-8cbc-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67001647-e6d2-11dd-8cbc-0016d4c4e6d2}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2}\Shell Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2}\Shell@ AutoRun Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2}\Shell\AutoRun Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2}\Shell\AutoRun@ &Autoodtwarzanie Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2}\Shell\AutoRun\command Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2}\_Autorun Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2}\_Autorun\DefaultIcon Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e99-aa6f-11de-8f7d-0016d4c4e6d2}\_Autorun\DefaultIcon@ F:\LaunchU3.exe,0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e9a-aa6f-11de-8f7d-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e9a-aa6f-11de-8f7d-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f547e9a-aa6f-11de-8f7d-0016d4c4e6d2}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b770cf2-b313-11de-8fa1-00166fca6027} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b770cf2-b313-11de-8fa1-00166fca6027}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b770cf2-b313-11de-8fa1-00166fca6027}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8527afb7-ac11-11dd-8bd9-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8527afb7-ac11-11dd-8bd9-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8527afb7-ac11-11dd-8bd9-0016d4c4e6d2}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1f8-ac60-11dd-8bde-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1f8-ac60-11dd-8bde-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1f8-ac60-11dd-8bde-0016d4c4e6d2}@_AutorunStatus 0x01 0x00 0x01 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1f8-ac60-11dd-8bde-0016d4c4e6d2}\shell Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1f8-ac60-11dd-8bde-0016d4c4e6d2}\shell@ None Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1f8-ac60-11dd-8bde-0016d4c4e6d2}\shell\Autoplay Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1f8-ac60-11dd-8bde-0016d4c4e6d2}\shell\Autoplay@MUIVerb @shell32.dll,-8504 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1f8-ac60-11dd-8bde-0016d4c4e6d2}\shell\Autoplay\DropTarget Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1f8-ac60-11dd-8bde-0016d4c4e6d2}\shell\Autoplay\DropTarget@CLSID {f26a669a-bcbb-4e37-abf9-7325da15f931} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1fa-ac60-11dd-8bde-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1fa-ac60-11dd-8bde-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a8a1fa-ac60-11dd-8bde-0016d4c4e6d2}@_AutorunStatus 0x01 
0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7eebc0e-ae62-11de-8f8e-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7eebc0e-ae62-11de-8f8e-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7eebc0e-ae62-11de-8f8e-0016d4c4e6d2}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa68287-ab3a-11dd-8bcc-cb2b3c8c9cb5} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa68287-ab3a-11dd-8bcc-cb2b3c8c9cb5}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa68287-ab3a-11dd-8bcc-cb2b3c8c9cb5}@_AutorunStatus 0x01 0x00 0x01 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa68287-ab3a-11dd-8bcc-cb2b3c8c9cb5}\shell Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa68287-ab3a-11dd-8bcc-cb2b3c8c9cb5}\shell@ None Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa68287-ab3a-11dd-8bcc-cb2b3c8c9cb5}\shell\Autoplay Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa68287-ab3a-11dd-8bcc-cb2b3c8c9cb5}\shell\Autoplay@MUIVerb @shell32.dll,-8504 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa68287-ab3a-11dd-8bcc-cb2b3c8c9cb5}\shell\Autoplay\DropTarget Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa68287-ab3a-11dd-8bcc-cb2b3c8c9cb5}\shell\Autoplay\DropTarget@CLSID {f26a669a-bcbb-4e37-abf9-7325da15f931} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e25c46ce-63ee-11df-ada0-806d6172696f} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e25c46ce-63ee-11df-ada0-806d6172696f}@BaseClass Drive Reg 
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e25c46ce-63ee-11df-ada0-806d6172696f}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e27c19ba-d80a-11de-9022-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e27c19ba-d80a-11de-9022-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e27c19ba-d80a-11de-9022-0016d4c4e6d2}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2d25bef-ab37-11dd-930a-806d6172696f} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2d25bef-ab37-11dd-930a-806d6172696f}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2d25bf0-ab37-11dd-930a-806d6172696f} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2d25bf0-ab37-11dd-930a-806d6172696f}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2d25bf0-ab37-11dd-930a-806d6172696f}@_AutorunStatus 0x01 0x00 0x01 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb52cc12-876f-11df-ae1c-0016d4c4e6d2} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb52cc12-876f-11df-ae1c-0016d4c4e6d2}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb52cc12-876f-11df-ae1c-0016d4c4e6d2}@_AutorunStatus 0x01 0x01 0xFF 0xFF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{504ACAF6-6DFA-DEF4-37B1-A10C06B52D4D} ---- EOF - GMER 1.0.15 ----