GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-12 18:40:39
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AH 232,89GB
Running: fw86oq50.exe; Driver: C:\DOCUME~1\WOOSZC~1\USTAWI~1\Temp\pxtdipow.sys

---- System - GMER 2.0 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xAE813004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xAE8130D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAE812D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAE812E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAE812EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAE812F56]

---- Kernel code sections - GMER 2.0 ----

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAE73A300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB9A0A300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01654470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[640] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 018A047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[640] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018A0459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[640] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 0165F972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[640] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 018A03DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\ControlSet001\Services\bcbkbze@DisplayName Manager Center
Reg HKLM\SYSTEM\ControlSet001\Services\bcbkbze@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\bcbkbze@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\bcbkbze@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\bcbkbze@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\bcbkbze@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\bcbkbze@Description Manages the PDF document production process. A primary task is to enable the routing of documents from the print spooler to the user. If this service is stopped, PDF documents will be unavailable.
Reg HKLM\SYSTEM\ControlSet001\Services\bcbkbze\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\bcbkbze\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000a3a5b73ad (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000a3a5b73ad@00178313eb0f 0x8B 0x70 0xFD 0x09 ...
Reg HKLM\SYSTEM\ControlSet001\Services\gkepo@DisplayName Config Center
Reg HKLM\SYSTEM\ControlSet001\Services\gkepo@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\gkepo@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\gkepo@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\gkepo@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\gkepo@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\gkepo@Description Manages the event trace messages for all the components of Intel(R) PROSet/Wireless software.
Reg HKLM\SYSTEM\ControlSet001\Services\gkepo\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gkepo\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gqvdkb@DisplayName ijknb
Reg HKLM\SYSTEM\ControlSet001\Services\gqvdkb@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\gqvdkb@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\gqvdkb@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\gqvdkb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\gqvdkb@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\gqvdkb@Description ?ledzi zdarzenia systemowe, takie jak zdarzenia zwi?zane z logowaniem do systemu Windows, sieci? i zasilaniem. Zawiadamia o tych zdarzeniach subskrybent?w systemu zdarze? COM+.
Reg HKLM\SYSTEM\ControlSet001\Services\gqvdkb\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gqvdkb\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ijqraldoy@DisplayName Time Windows
Reg HKLM\SYSTEM\ControlSet001\Services\ijqraldoy@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\ijqraldoy@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\ijqraldoy@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\ijqraldoy@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\ijqraldoy@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\ijqraldoy@Description Zapewnia us?ugi pozyskiwania obraz?w dla skaner?w i aparat?w fotograficznych.
Reg HKLM\SYSTEM\ControlSet001\Services\ijqraldoy\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ijqraldoy\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ritakg@DisplayName Boot Helper
Reg HKLM\SYSTEM\ControlSet001\Services\ritakg@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\ritakg@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\ritakg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\ritakg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\ritakg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\ritakg@Description Umo?liwia raportowanie b??d?w dla us?ug i aplikacji dzia?aj?cych w niestandardowych ?rodowiskach.
Reg HKLM\SYSTEM\ControlSet001\Services\ritakg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ritakg\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet001\Services\rtrbh@DisplayName Server Support
Reg HKLM\SYSTEM\ControlSet001\Services\rtrbh@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\rtrbh@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\rtrbh@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\rtrbh@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\rtrbh@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\rtrbh@Description Umo?liwia rodzajowy dost?p do urz?dze? interfejsu HID, kt?ry uaktywnia i obs?uguje u?ywanie wst?pnie zdefiniowanych przycisk?w akcji na klawiaturze i innych urz?dze? multimedialnych. Je?li ta us?uga zostanie zatrzymana, przyciski akcji sterowane przez t? us?ug? nie b?d? dzia?a?. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?.
Reg HKLM\SYSTEM\ControlSet001\Services\rtrbh\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\rtrbh\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFA 0x65 0x52 0x79 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1F 0xCF 0x9E 0x8D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4A 0x98 0x0A 0xD3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\yhellqg@DisplayName Monitor Image
Reg HKLM\SYSTEM\ControlSet001\Services\yhellqg@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\yhellqg@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\yhellqg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\yhellqg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\yhellqg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\yhellqg@Description Zapewnia us?ugi pozyskiwania obraz?w dla skaner?w i aparat?w fotograficznych.
Reg HKLM\SYSTEM\ControlSet001\Services\yhellqg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\yhellqg\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet001\Services\zkyep@DisplayName Shell Network
Reg HKLM\SYSTEM\ControlSet001\Services\zkyep@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\zkyep@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\zkyep@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\zkyep@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\zkyep@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\zkyep@Description Zachowuje synchronizacj? daty i godziny na wszystkich klientach i serwerach w sieci. Je?li ta us?uga zostanie zatrzymana, synchronizacja daty i godziny stanie si? niedost?pna. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?.
Reg HKLM\SYSTEM\ControlSet001\Services\zkyep\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\zkyep\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a5b73ad
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a5b73ad@00178313eb0f 0x8B 0x70 0xFD 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFA 0x65 0x52 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1F 0xCF 0x9E 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4A 0x98 0x0A 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\bcbkbze@DisplayName Manager Center
Reg HKLM\SYSTEM\ControlSet003\Services\bcbkbze@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\bcbkbze@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\bcbkbze@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\bcbkbze@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\bcbkbze@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\bcbkbze@Description Manages the PDF document production process. A primary task is to enable the routing of documents from the print spooler to the user. If this service is stopped, PDF documents will be unavailable.
Reg HKLM\SYSTEM\ControlSet003\Services\bcbkbze\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\bcbkbze\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a5b73ad (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a5b73ad@00178313eb0f 0x8B 0x70 0xFD 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\gkepo@DisplayName Config Center
Reg HKLM\SYSTEM\ControlSet003\Services\gkepo@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\gkepo@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\gkepo@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\gkepo@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\gkepo@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\gkepo@Description Manages the event trace messages for all the components of Intel(R) PROSet/Wireless software.
Reg HKLM\SYSTEM\ControlSet003\Services\gkepo\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gkepo\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gqvdkb@DisplayName ijknb
Reg HKLM\SYSTEM\ControlSet003\Services\gqvdkb@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\gqvdkb@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\gqvdkb@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\gqvdkb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\gqvdkb@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\gqvdkb@Description ?ledzi zdarzenia systemowe, takie jak zdarzenia zwi?zane z logowaniem do systemu Windows, sieci? i zasilaniem. Zawiadamia o tych zdarzeniach subskrybent?w systemu zdarze? COM+.
Reg HKLM\SYSTEM\ControlSet003\Services\gqvdkb\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gqvdkb\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet003\Services\ijqraldoy@DisplayName Time Windows
Reg HKLM\SYSTEM\ControlSet003\Services\ijqraldoy@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\ijqraldoy@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\ijqraldoy@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\ijqraldoy@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\ijqraldoy@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\ijqraldoy@Description Zapewnia us?ugi pozyskiwania obraz?w dla skaner?w i aparat?w fotograficznych.
Reg HKLM\SYSTEM\ControlSet003\Services\ijqraldoy\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\ijqraldoy\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet003\Services\ritakg@DisplayName Boot Helper
Reg HKLM\SYSTEM\ControlSet003\Services\ritakg@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\ritakg@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\ritakg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\ritakg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\ritakg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\ritakg@Description Umo?liwia raportowanie b??d?w dla us?ug i aplikacji dzia?aj?cych w niestandardowych ?rodowiskach.
Reg HKLM\SYSTEM\ControlSet003\Services\ritakg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\ritakg\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet003\Services\rtrbh@DisplayName Server Support
Reg HKLM\SYSTEM\ControlSet003\Services\rtrbh@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\rtrbh@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\rtrbh@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\rtrbh@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\rtrbh@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\rtrbh@Description Umo?liwia rodzajowy dost?p do urz?dze? interfejsu HID, kt?ry uaktywnia i obs?uguje u?ywanie wst?pnie zdefiniowanych przycisk?w akcji na klawiaturze i innych urz?dze? multimedialnych. Je?li ta us?uga zostanie zatrzymana, przyciski akcji sterowane przez t? us?ug? nie b?d? dzia?a?. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?.
Reg HKLM\SYSTEM\ControlSet003\Services\rtrbh\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\rtrbh\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFA 0x65 0x52 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1F 0xCF 0x9E 0x8D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4A 0x98 0x0A 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\yhellqg@DisplayName Monitor Image
Reg HKLM\SYSTEM\ControlSet003\Services\yhellqg@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\yhellqg@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\yhellqg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\yhellqg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\yhellqg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\yhellqg@Description Zapewnia us?ugi pozyskiwania obraz?w dla skaner?w i aparat?w fotograficznych.
Reg HKLM\SYSTEM\ControlSet003\Services\yhellqg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\yhellqg\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet003\Services\zkyep@DisplayName Shell Network
Reg HKLM\SYSTEM\ControlSet003\Services\zkyep@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\zkyep@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\zkyep@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\zkyep@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\zkyep@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\zkyep@Description Zachowuje synchronizacj? daty i godziny na wszystkich klientach i serwerach w sieci. Je?li ta us?uga zostanie zatrzymana, synchronizacja daty i godziny stanie si? niedost?pna. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?.
Reg HKLM\SYSTEM\ControlSet003\Services\zkyep\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\zkyep\Parameters@ServiceDll C:\WINDOWS\system32\pxeqog.dll
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a5b73ad (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a5b73ad@00178313eb0f 0x8B 0x70 0xFD 0x09 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFA 0x65 0x52 0x79 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1F 0xCF 0x9E 0x8D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4A 0x98 0x0A 0xD3 ...

---- EOF - GMER 2.0 ----