GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-03 23:19:24 Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST9120822A rev.3.ALC 111,79GB Running: 7ulldu3f.exe; Driver: D:\DOCUME~1\JA\USTAWI~1\Temp\uxloypow.sys ---- System - GMER 2.1 ---- SSDT splv.sys ZwCreateKey [0xF83820E0] SSDT splv.sys ZwEnumerateKey [0xF839ADA4] SSDT splv.sys ZwEnumerateValueKey [0xF839B132] SSDT splv.sys ZwOpenKey [0xF83820C0] SSDT splv.sys ZwQueryKey [0xF839B20A] SSDT splv.sys ZwQueryValueKey [0xF839B08A] SSDT splv.sys ZwSetValueKey [0xF839B29C] INT 0x62 ? 82DE2BF8 INT 0x63 ? 82C5EBF8 INT 0x73 ? 82C5EBF8 INT 0x94 ? 82C5EBF8 INT 0xB4 ? 82C5EBF8 ---- Kernel code sections - GMER 2.1 ---- ? splv.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text D:\WINDOWS\system32\csrss.exe[380] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00EF6390 .text D:\WINDOWS\system32\csrss.exe[380] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00EF6640 .text D:\WINDOWS\system32\csrss.exe[380] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00EF53D0 .text D:\WINDOWS\system32\csrss.exe[380] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00EF5300 .text D:\WINDOWS\system32\csrss.exe[380] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EF11C0 .text D:\WINDOWS\system32\csrss.exe[380] KERNEL32.dll!CreateFileW 7C810780 5 Bytes JMP 00EF1290 .text D:\WINDOWS\system32\csrss.exe[380] KERNEL32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00EF2570 .text D:\WINDOWS\system32\csrss.exe[380] KERNEL32.dll!CopyFileA 7C82865E 5 Bytes JMP 00EF1000 .text D:\WINDOWS\system32\csrss.exe[380] KERNEL32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00EF10A0 .text D:\WINDOWS\system32\csrss.exe[380] KERNEL32.dll!MoveFileA 7C835E17 5 Bytes JMP 00EF2510 .text D:\WINDOWS\system32\csrss.exe[380] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EF1D10 .text D:\WINDOWS\system32\winlogon.exe[404] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01836390 .text 
D:\WINDOWS\system32\winlogon.exe[404] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01836640 .text D:\WINDOWS\system32\winlogon.exe[404] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 018353D0 .text D:\WINDOWS\system32\winlogon.exe[404] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01835300 .text D:\WINDOWS\system32\winlogon.exe[404] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 018311C0 .text D:\WINDOWS\system32\winlogon.exe[404] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01831290 .text D:\WINDOWS\system32\winlogon.exe[404] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 01832570 .text D:\WINDOWS\system32\winlogon.exe[404] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 01831000 .text D:\WINDOWS\system32\winlogon.exe[404] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 018310A0 .text D:\WINDOWS\system32\winlogon.exe[404] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 01832510 .text D:\WINDOWS\system32\winlogon.exe[404] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01831D10 .text D:\WINDOWS\system32\services.exe[448] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00C16390 .text D:\WINDOWS\system32\services.exe[448] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00C16640 .text D:\WINDOWS\system32\services.exe[448] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00C153D0 .text D:\WINDOWS\system32\services.exe[448] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00C15300 .text D:\WINDOWS\system32\services.exe[448] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C111C0 .text D:\WINDOWS\system32\services.exe[448] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00C11290 .text D:\WINDOWS\system32\services.exe[448] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00C12570 .text D:\WINDOWS\system32\services.exe[448] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00C11000 .text D:\WINDOWS\system32\services.exe[448] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00C110A0 .text D:\WINDOWS\system32\services.exe[448] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00C12510 .text 
D:\WINDOWS\system32\services.exe[448] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C11D10 .text D:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00976390 .text D:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00976640 .text D:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009753D0 .text D:\WINDOWS\system32\svchost.exe[616] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00975300 .text D:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009711C0 .text D:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00971290 .text D:\WINDOWS\system32\svchost.exe[616] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00972570 .text D:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00971000 .text D:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 009710A0 .text D:\WINDOWS\system32\svchost.exe[616] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00972510 .text D:\WINDOWS\system32\svchost.exe[616] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00971D10 .text D:\WINDOWS\system32\svchost.exe[660] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A56390 .text D:\WINDOWS\system32\svchost.exe[660] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A56640 .text D:\WINDOWS\system32\svchost.exe[660] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00A553D0 .text D:\WINDOWS\system32\svchost.exe[660] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A55300 .text D:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A511C0 .text D:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00A51290 .text D:\WINDOWS\system32\svchost.exe[660] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00A52570 .text D:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00A51000 .text D:\WINDOWS\system32\svchost.exe[660] 
kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00A510A0 .text D:\WINDOWS\system32\svchost.exe[660] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00A52510 .text D:\WINDOWS\system32\svchost.exe[660] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A51D10 .text D:\WINDOWS\System32\svchost.exe[692] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01956390 .text D:\WINDOWS\System32\svchost.exe[692] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01956640 .text D:\WINDOWS\System32\svchost.exe[692] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 019553D0 .text D:\WINDOWS\System32\svchost.exe[692] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01955300 .text D:\WINDOWS\System32\svchost.exe[692] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 019511C0 .text D:\WINDOWS\System32\svchost.exe[692] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01951290 .text D:\WINDOWS\System32\svchost.exe[692] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 01952570 .text D:\WINDOWS\System32\svchost.exe[692] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 01951000 .text D:\WINDOWS\System32\svchost.exe[692] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 019510A0 .text D:\WINDOWS\System32\svchost.exe[692] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 01952510 .text D:\WINDOWS\System32\svchost.exe[692] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01951D10 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00166390 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00166640 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001653D0 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00165300 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] kernel32.dll!CreateFileW 7C810780 5 
Bytes JMP 00161290 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00162570 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00161000 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 001610A0 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00162510 .text D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe[900] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text D:\WINDOWS\Explorer.EXE[948] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01F56390 .text D:\WINDOWS\Explorer.EXE[948] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01F56640 .text D:\WINDOWS\Explorer.EXE[948] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 01F553D0 .text D:\WINDOWS\Explorer.EXE[948] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01F55300 .text D:\WINDOWS\Explorer.EXE[948] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01F511C0 .text D:\WINDOWS\Explorer.EXE[948] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01F51290 .text D:\WINDOWS\Explorer.EXE[948] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 01F52570 .text D:\WINDOWS\Explorer.EXE[948] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 01F51000 .text D:\WINDOWS\Explorer.EXE[948] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 01F510A0 .text D:\WINDOWS\Explorer.EXE[948] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 01F52510 .text D:\WINDOWS\Explorer.EXE[948] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01F51D10 .text D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A16390 .text D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A16640 .text D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00A153D0 .text D:\Documents and 
Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A15300 .text D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A111C0 .text D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00A11290 .text D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00A12570 .text D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00A11000 .text D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00A110A0 .text D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00A12510 .text D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe[1088] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A11D10 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 82DE11F8 Device \FileSystem\Fastfat \FatCdrom 824641F8 Device \Driver\usbuhci \Device\USBPDO-0 82CEF1F8 Device \Driver\usbuhci \Device\USBPDO-1 82CEF1F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 82D751F8 Device \Driver\dmio \Device\DmControl\DmConfig 82D751F8 Device \Driver\dmio \Device\DmControl\DmPnP 82D751F8 Device \Driver\dmio \Device\DmControl\DmInfo 82D751F8 Device \Driver\usbuhci \Device\USBPDO-2 82CEF1F8 Device \Driver\usbuhci \Device\USBPDO-3 82CEF1F8 Device \Driver\usbehci \Device\USBPDO-4 82CE91F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 82DE31F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 82DE31F8 Device \Driver\Cdrom \Device\CdRom0 82AEF1F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 82DE31F8 Device \Driver\atapi \Device\Ide\IdePort0 82DE21F8 Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82DE21F8 Device \Driver\atapi 
\Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82DE21F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 8247E1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{EA3B92CF-3CA9-4886-AD9B-CAF902FD377B} 8247E1F8 Device \Driver\usbuhci \Device\USBFDO-0 82CEF1F8 Device \Driver\usbuhci \Device\USBFDO-1 82CEF1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 824651F8 Device \Driver\usbuhci \Device\USBFDO-2 82CEF1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 824651F8 Device \Driver\usbuhci \Device\USBFDO-3 82CEF1F8 Device \Driver\usbehci \Device\USBFDO-4 82CE91F8 Device \Driver\Ftdisk \Device\FtControl 82DE31F8 Device \FileSystem\Fastfat \Fat 824641F8 Device \FileSystem\Cdfs \Cdfs 82AB8500 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x82de21f8]<< 82de21f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d5b030] 82d5b030 Trace 3 CLASSPNP.SYS[f85a605b] -> nt!IofCallDriver -> \Device\00000077[0x82cbeae8] 82cbeae8 Trace 5 ACPI.sys[f8340620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82d2f1d0] 82d2f1d0 Trace \Driver\atapi[0x82d2fb18] -> IRP_MJ_CREATE -> 0x82de21f8 82de21f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x1E 0xAC 0xC1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x1E 0xAC 0xC1 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x1E 0xAC 0xC1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x1E 0xAC 0xC1 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x1E 0xAC 0xC1 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Fhhehj D:\Documents and Settings\JA\Dane aplikacji\Fhhehj.exe Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@D:\Documents and Settings\JA\Dane aplikacji\Fhhehj.exe Fhhehj Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@d:\Program Files\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe Microsoft? Silverlight Configuration Utility Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@D:\WINDOWS\system32\SHELL32.dll,-22912 Pokazuje skr?ty do witryn sieci Web, komputer?w sieciowych i witryn FTP. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@D:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe Adobe? Flash? Player Installer/Uninstaller 11.8 r800 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Inne\Informatyka\Software\Adobe pliki\install_flash_player_32bit.exe Adobe? Flash? Player Installer/Uninstaller 11.2 r202 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@D:\Documents and Settings\JA\Pulpit\FirefoxPortableTest_28.0_Beta_1_Polish.paf.exe Mozilla Firefox, Portable Edition (Beta) Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@D:\Documents and Settings\JA\Pulpit\Restorator2007_Trial_1747.exe Restorator 2007 Trial Setup Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\xpsp1res.dll,-10078 Wybiera programy domy?lne dla pewnych czynno?ci, takich jak przegl?danie sieci Web lub wysy?anie poczty e-mail i okre?la, kt?re programy s? dost?pne w menu Start, na pulpicie i w innych lokalizacjach. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22567 Wy?wietla wykresy wydajno?ci systemu i pozwala konfigurowa? dzienniki danych i alerty. 
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22535 Zarz?dza dyskami i zapewnia dost?p do innych narz?dzi w celu zarz?dzania lokalnymi i zdalnymi komputerami. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22552 Pozwala wy?wietla? i modyfikowa? zasady zabezpiecze? lokalnych, takie jak prawa u?ytkownik?w i zasady inspekcji. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22537 Pozwala dodawa?, usuwa? i konfigurowa? ?r?d?a danych i sterowniki Open Database Connectivity (ODBC). Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22578 Steruje poziomem g?o?no?ci nagrywanych i odtwarzanych d?wi?k?w. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22539 Defragmentuje woluminy dysku, tak aby komputer dzia?a? szybciej i wydajniej. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22570 U?ywaj Harmonogramu zada? do planowania automatycznego uruchamiania zada? na komputerze. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%systemroot%\system32\hnetwiz.dll,-3086 Pomaga skonfigurowa? sie? na potrzeby domu lub ma?ej firmy. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%systemroot%\system32\netshell.dll,-1011 Pomaga skonfigurowa? po??czenie internetowe, po??czy? si? z sieci? prywatn? lub skonfigurowa? sie? w domu lub ma?ej firmie. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\xpsp2res.dll,-16202 Konfiguruj sie? bezprzewodow? w domu lub w biurze. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@D:\WINDOWS\system32\mstsc.exe,-4001 Po??cz si? z pulpitem komputera z lokalizacji zdalnej i uruchamiaj aplikacje, jakby dzia?o si? to przy jego konsoli. 
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%systemroot%\system32\netshell.dll,-1201 ??czy z innymi komputerami, sieciami i Internetem. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%systemroot%\system32\rcbdyctl.dll,-151 Pozwala zaprosi? przyjaciela, aby po??czy? si? z tym komputerem i udzieli? pomocy w rozwi?zywaniu problem?w. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22579 Wy?wietla pliki i foldery znajduj?ce si? na komputerze. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22563 Pozwala tworzy? i edytowa? pliki tekstowe o prostym formatowaniu tekstu. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22534 Wykonuje funkcje tekstowe (wiersza polecenia). Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@D:\Documents and Settings\JA\Pulpit\7ulldu3f.exe 7ulldu3f ---- Files - GMER 2.1 ---- File D:\Documents and Settings\JA\Dane aplikacji\Fhhehj.exe 171197 bytes executable File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.0.0.\Alcohol Soft Development Team.manifest 588 bytes File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.0.0.\Alcohol Soft Development Team@1.0.0..manifest 588 bytes File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.7.\Alcohol Soft Development Team.manifest 588 bytes File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.7.\Alcohol Soft Development Team@1.9.7..manifest 588 bytes File 
D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.9.\Alcohol Soft Development Team.manifest 588 bytes File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.9.\Alcohol Soft Development Team@1.9.9..manifest 588 bytes ---- EOF - GMER 2.1 ----