GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-25 21:24:26
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0005 465,76GB
Running: s7yyu5jn.exe; Driver: C:\Users\Waldek\AppData\Local\Temp\ufdoypob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960001e8d00 15 bytes [00, 2E, F7, 01, 80, FC, 6F, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff960001e8d10 11 bytes [00, F8, FB, FF, 00, 09, C3, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Windows Defender\MsMpEng.exe[1724] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffcc075169a 4 bytes [75, C0, FC, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1724] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffcc07516a2 4 bytes [75, C0, FC, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1724] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffcc075181a 4 bytes [75, C0, FC, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1724] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffcc0751832 4 bytes [75, C0, FC, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3220] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcc075169a 4 bytes [75, C0, FC, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3220] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcc07516a2 4 bytes [75, C0, FC, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3220] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcc075181a 4 bytes [75, C0, FC, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3220] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcc0751832 4 bytes [75, C0, FC, 7F]
.text C:\Windows\System32\igfxpers.exe[5204] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcc075169a 4 bytes [75, C0, FC, 7F]
.text C:\Windows\System32\igfxpers.exe[5204] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcc07516a2 4 bytes [75, C0, FC, 7F]
.text C:\Windows\System32\igfxpers.exe[5204] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcc075181a 4 bytes [75, C0, FC, 7F]
.text C:\Windows\System32\igfxpers.exe[5204] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcc0751832 4 bytes [75, C0, FC, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5372] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcc075169a 4 bytes [75, C0, FC, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5372] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcc07516a2 4 bytes [75, C0, FC, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5372] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcc075181a 4 bytes [75, C0, FC, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5372] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcc0751832 4 bytes [75, C0, FC, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1988] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffcc075169a 4 bytes [75, C0, FC, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1988] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffcc07516a2 4 bytes [75, C0, FC, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1988] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffcc075181a 4 bytes [75, C0, FC, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1988] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffcc0751832 4 bytes [75, C0, FC, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [524:552] fffff960008e7b90

---- Services - GMER 2.1 ----

Service System32\drivers\dtsoftbus01.sys (*** hidden *** ) [SYSTEM] dtsoftbus01 <-- ROOTKIT !!!
---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 32556956
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Tag 72
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@ImagePath \SystemRoot\System32\drivers\dtsoftbus01.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@DisplayName @oem16.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Owners oem16.inf?
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@mask 0x26 0xF7 0x3F 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@AdapterStatus 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@client 0x41 0x3B 0x13 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit0
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit0@data 0xDF 0x69 0xC4 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit1@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit10
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit10@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit100
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit100@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit101
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit101@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit102
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit102@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit94
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit94@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit95
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit95@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit96
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit96@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit97
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit97@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit98
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit98@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit99
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit99@data 0x3D 0x3E 0xE9 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-12-2a-d6-eb-21@ClientLocalPort 60848
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-12-2a-d6-eb-21@AddressCreationTimestamp 0xD9 0xB0 0x34 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-12-2a-d6-eb-21@TeredoAddress 2001:0:9d38:90d7:204b:124f:a832:b5ed
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 13149
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 6855
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile@EnableFirewall 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile@EnableFirewall 1
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{7a940e83-0683-11e4-803c-ec9a743cf7ca}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{7a940e83-0683-11e4-803c-ec9a743cf7ca}@Drive Type 1048593
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{7a940e83-0683-11e4-803c-ec9a743cf7ca}@IsImapiDataBurnSupported 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{7a940e83-0683-11e4-803c-ec9a743cf7ca}@Active 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesChanges 128
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xD0 0x3E 0xD0 0x09 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Lite "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@0 C:\Users\Waldek\AppData\Roaming\Microsoft\Windows\Start Menu\Pobierz system Windows.lnk?C:\Users\Waldek\AppData\Local\Microsoft\WebSetup\Sources\WebSetup.exe?/late elevate?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@1 C:\Users\Waldek\AppData\Roaming\Microsoft\Windows\Start Menu\Pobierz system Windows.lnk?C:\Users\Waldek\AppData\Local\Microsoft\WebSetup\Sources\WebSetup.exe?/late elevate?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@2 C:\Users\Waldek\AppData\Roaming\Microsoft\Windows\Start Menu\Zainstaluj system Windows.lnk?C:\Users\Waldek\AppData\Local\Microsoft\WebSetup\Sources\WebSetup.exe?/late elevate?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@3 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk?C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe??

---- Files - GMER 2.1 ----

File C:\Users\Waldek\AppData\Local\Microsoft\Windows\Explorer\TileCacheLogo-1018234_100.dat 716800 bytes

---- EOF - GMER 2.1 ----