GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2011-08-14 07:40:26
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK8037GSX rev.DL240D 74,53GB
Running: GMER.exe; Driver: C:\DOCUME~1\STAR\USTAWI~1\Temp\kgryypoc.sys

---- User code sections - GMER 2.1 ----

.text c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[192] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[232] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\spoolsv.exe[352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\spoolsv.exe[352] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\System32\SCardSvr.exe[372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\System32\StarInsecure.dll
.text C:\WINDOWS\System32\SCardSvr.exe[372] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\System32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text c:\programme\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe[540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text c:\programme\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe[540] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\PROGRA~1\SDCONN~1\bin\TKServer.exe[564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00370920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\PROGRA~1\SDCONN~1\bin\TKServer.exe[564] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 00370910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[624] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\ctfmon.exe[652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\ctfmon.exe[652] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\EWA net\server\bin\tomcat.exe[680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00990920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\EWA net\server\bin\tomcat.exe[680] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 00990910 C:\WINDOWS\system32\StarInsecure.dll
.text c:\programme\hardwareassistent\hwassistentservice.exe[716] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text c:\programme\hardwareassistent\hwassistentservice.exe[716] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[740] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Programme\OnlineUpdateBG\schedservicemain.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Programme\OnlineUpdateBG\schedservicemain.exe[836] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\zak\service.exe[888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\zak\service.exe[888] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\winlogon.exe[920] ntdll.dll!NtLockProductActivationKeys 7C90D4AE 5 Bytes JMP 01BB1000 C:\WINDOWS\system32\antiwpa.dll
.text C:\WINDOWS\system32\winlogon.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\winlogon.exe[920] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\winlogon.exe[920] USER32.dll!GetSystemMetrics 7E368F9C 5 Bytes JMP 01BB1018 C:\WINDOWS\system32\antiwpa.dll
.text C:\WINDOWS\system32\services.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\services.exe[964] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\lsass.exe[976] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\igfxpers.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\igfxpers.exe[1116] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text c:\programme\starusersetter\service\starusersetterservice.exe[1132] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text c:\programme\starusersetter\service\starusersetterservice.exe[1132] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00960920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[1168] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 00960910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\rundll32.exe[1172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\rundll32.exe[1172] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1604] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\rundll32.exe[1616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\rundll32.exe[1616] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\SDconnect Toolkit\bin\TKTray.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00370920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Program Files\SDconnect Toolkit\bin\TKTray.exe[1752] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 00370910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1756] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\hkcmd.exe[1792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00380920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\hkcmd.exe[1792] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 00380910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\igfxsrvc.exe[1796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\igfxsrvc.exe[1796] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Programme\SDNetControl\SDNC.exe[1820] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Programme\SDNetControl\SDNC.exe[1820] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Programme\SDNetControl\NetworkFilter.exe[2176] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\Programme\SDNetControl\NetworkFilter.exe[2176] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2200] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2268] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll
.text I:\GMER.exe[2820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10010920 C:\WINDOWS\system32\StarInsecure.dll
.text I:\GMER.exe[2820] ADVAPI32.dll!CryptVerifySignatureA 77DEC841 5 Bytes JMP 10010910 C:\WINDOWS\system32\StarInsecure.dll

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001641764cdb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00164195be1a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016419d47da (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016419dd80c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016419e2fa7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016419e7f73 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001641b3c06d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001641fc6ffe (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001a6b766ea1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0x40 0xC2 0x24 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA0 0x67 0xC3 0x52 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA7 0xDE 0x1A 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641764cdb
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164195be1a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016419d47da
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016419dd80c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016419e2fa7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016419e7f73
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641b3c06d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641fc6ffe
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b766ea1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x82 0xD2 0x00 0xAB ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641764cdb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00164195be1a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016419d47da (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016419dd80c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016419e2fa7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016419e7f73 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641b3c06d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641fc6ffe (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b766ea1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3A 0xB3 0xE0 0xB8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-507921405-1897051121-1417001333-1004\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo -658506960
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-507921405-1897051121-1417001333-1004\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30169634
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-507921405-1897051121-1417001333-1004\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo -658350710
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-507921405-1897051121-1417001333-1004\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30169634

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----