GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-21 16:20:16 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDP725032GLA360 rev.GM3OA52A 298,09GB Running: 1cxr198r.exe; Driver: C:\DOCUME~1\Kamil\USTAWI~1\Temp\uflyapob.sys ---- Kernel code sections - GMER 2.0 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB96A0360, 0x348C87, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB6170300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3A0300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.0 ---- .text C:\WINDOWS\Explorer.EXE[144] WS2_32.DLL!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\Explorer.EXE[144] C:\WINDOWS\system32\WS2_32.DLL section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\Explorer.EXE[144] C:\WINDOWS\system32\WS2_32.DLL section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text E:\screenSHU\screenSHU.exe[168] WS2_32.DLL!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text E:\screenSHU\screenSHU.exe[168] WS2_32.DLL!connect 71A54A07 8 Bytes [B8, 30, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x10001330; JMP EAX; NOP } .text E:\screenSHU\screenSHU.exe[168] C:\WINDOWS\system32\WS2_32.DLL section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc E:\screenSHU\screenSHU.exe[168] C:\WINDOWS\system32\WS2_32.DLL section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe[176] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe[176] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 30, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x10001330; JMP EAX; NOP } .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe[176] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe[176] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text G:\Alcohol 52\StarWind\StarWindServiceAE.exe[504] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text G:\Alcohol 52\StarWind\StarWindServiceAE.exe[504] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 30, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x10001330; JMP EAX; NOP } .text G:\Alcohol 52\StarWind\StarWindServiceAE.exe[504] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc G:\Alcohol 52\StarWind\StarWindServiceAE.exe[504] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\winlogon.exe[692] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\winlogon.exe[692] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\winlogon.exe[692] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\services.exe[740] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\services.exe[740] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\services.exe[740] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\lsass.exe[752] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[924] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 6F, 00, FF, E0, ...] {MOV EAX, 0x6f1057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[924] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\svchost.exe[924] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 6F, 00, FF, E0, ...] {MOV EAX, 0x6f1057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 30, 13, 6F, 00, FF, E0, ...] {MOV EAX, 0x6f1330; JMP EAX; NOP } .text C:\WINDOWS\system32\svchost.exe[976] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\svchost.exe[976] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[1004] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\System32\svchost.exe[1004] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 30, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x10001330; JMP EAX; NOP } .text C:\WINDOWS\System32\svchost.exe[1004] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\System32\svchost.exe[1004] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 6F, 00, FF, E0, ...] {MOV EAX, 0x6f1057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[1184] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\svchost.exe[1184] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\spoolsv.exe[1364] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\spoolsv.exe[1364] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 30, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x10001330; JMP EAX; NOP } .text C:\WINDOWS\system32\spoolsv.exe[1364] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\spoolsv.exe[1364] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 70, 00, FF, E0, ...] {MOV EAX, 0x701057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[1472] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\svchost.exe[1472] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Program Files\Bonjour\mDNSResponder.exe[1532] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Program Files\Bonjour\mDNSResponder.exe[1532] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 30, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x10001330; JMP EAX; NOP } .text C:\Program Files\Bonjour\mDNSResponder.exe[1532] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Program Files\Bonjour\mDNSResponder.exe[1532] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Program Files\Java\jre7\bin\jqs.exe[1624] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Program Files\Java\jre7\bin\jqs.exe[1624] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 30, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x10001330; JMP EAX; NOP } .text C:\Program Files\Java\jre7\bin\jqs.exe[1624] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Program Files\Java\jre7\bin\jqs.exe[1624] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\wuauclt.exe[1692] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 6B, 00, FF, E0, ...] {MOV EAX, 0x6b1057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\wuauclt.exe[1692] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\wuauclt.exe[1692] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text E:\ESET\Nod32\nod32krn.exe[1728] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text E:\ESET\Nod32\nod32krn.exe[1728] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc E:\ESET\Nod32\nod32krn.exe[1728] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\nvsvc32.exe[2008] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\nvsvc32.exe[2008] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\nvsvc32.exe[2008] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe[2024] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 3C, 00, FF, E0, ...] {MOV EAX, 0x3c1057; JMP EAX; NOP ; NOP } .text C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe[2024] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 30, 13, 3C, 00, FF, E0, ...] {MOV EAX, 0x3c1330; JMP EAX; NOP } .text C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe[2024] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe[2024] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\PnkBstrA.exe[2040] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\PnkBstrA.exe[2040] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 30, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x10001330; JMP EAX; NOP } .text C:\WINDOWS\system32\PnkBstrA.exe[2040] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\PnkBstrA.exe[2040] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 82, 00, FF, E0, ...] {MOV EAX, 0x821057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 30, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x10001330; JMP EAX; NOP } .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2604] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, B0, 00, FF, E0, ...] {MOV EAX, 0xb01057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2604] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2604] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9 .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 8E, 00, FF, E0, ...] {MOV EAX, 0x8e1057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe[2736] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 39, 00, FF, E0, ...] {MOV EAX, 0x391057; JMP EAX; NOP ; NOP } .text C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe[2736] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe[2736] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text G:\Mozilla Firefox\firefox.exe[2772] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 61, 02, FF, E0, ...] {MOV EAX, 0x2611057; JMP EAX; NOP ; NOP } .text G:\Mozilla Firefox\firefox.exe[2772] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc G:\Mozilla Firefox\firefox.exe[2772] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9 .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 8E, 00, FF, E0, ...] {MOV EAX, 0x8e1057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9 .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 8E, 00, FF, E0, ...] {MOV EAX, 0x8e1057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3692] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3692] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3692] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe[4052] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe[4052] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe[4052] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2660] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA0 0xB6 0xBA 0x9B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 G:\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9F 0xC4 0x6F 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 G:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1B 0x90 0xFE 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDD 0x02 0xC4 0x3C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x76 0x8A 0x9D 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5B 0x92 0x77 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xC1 0x6D 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3B 0x74 0x40 0x30 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x36 0x5B 0x22 0x2B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA0 0xB6 0xBA 0x9B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 G:\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9F 0xC4 0x6F 0x16 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 G:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1B 0x90 0xFE 0x76 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDD 0x02 0xC4 0x3C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x76 0x8A 0x9D 0xA4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5B 0x92 0x77 0x0E ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xC1 0x6D 0x3E ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3B 0x74 0x40 0x30 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x36 0x5B 0x22 0x2B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 3 ---- EOF - GMER 2.0 ----