GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-11-28 14:29:46 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKS-65A7B0 rev.01.03B01 465,76GB Running: fzq42njj.exe; Driver: C:\Users\KOMP\AppData\Local\Temp\aftcaaoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAdjustPrivilegesToken [0x8CF090A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcConnectPort [0x8CF09020] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcSendWaitReceivePort [0x8CF09030] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwConnectPort [0x8CF09050] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSection [0x8CF09000] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSymbolicLinkObject [0x8CF09410] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThread [0x8CF09100] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThreadEx [0x8CF09040] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDebugActiveProcess [0x8CF09140] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeviceIoControlFile [0x8CF091E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDuplicateObject [0x8CF09170] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadDriver [0x8CF09150] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwMapViewOfSection [0x8CF09180] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenProcess [0x8CF09080] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenSection [0x8CF09070] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenThread [0x8CF09090] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwPlugPlayControl [0x8CF09430] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwProtectVirtualMemory [0x8CF090C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryIntervalProfile [0x8CF09490] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueueApcThread [0x8CF09120] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRequestWaitReplyPort [0x8CF091D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeThread [0x8CF091A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSecureConnectPort [0x8CF09060] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetContextThread [0x8CF09110] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationObject [0x8CF090B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationToken [0x8CF09010] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetSystemInformation [0x8CF09160] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendProcess [0x8CF091C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendThread [0x8CF091B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSystemDebugControl [0x8CF09130] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateProcess [0x8CF090D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateThread [0x8CF090E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwUnmapViewOfSection [0x8CF09190] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwWriteVirtualMemory [0x8CF090F0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13F9 82E56829 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7B132 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 230 82E82910 4 Bytes [A0, 90, F0, 8C] .text ntkrnlpa.exe!RtlSidHashLookup + 258 82E82938 4 Bytes [20, 90, F0, 8C] .text ntkrnlpa.exe!RtlSidHashLookup + 29C 82E8297C 4 Bytes [30, 90, F0, 8C] .text ntkrnlpa.exe!RtlSidHashLookup + 2EC 82E829CC 4 Bytes [50, 90, F0, 8C] .text ntkrnlpa.exe!RtlSidHashLookup + 350 82E82A30 4 Bytes [00, 90, F0, 8C] .text ... ? system32\drivers\FD1EFDEB.sys System nie może odnaleźć określonej ścieżki. ! .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8912BCF2] ? C:\Windows\System32\Drivers\awx8u9ia.SYS suspicious PE modification ? C:\Windows\System32\Drivers\a81o8ve6.SYS suspicious PE modification .text C:\Program Files\DAEMON Tools Lite\Engine.dll section is writeable [0x76EC1000, 0xB5772, 0xE0000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtCreateFile + 6 772B46B6 4 Bytes [28, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtCreateFile + B 772B46BB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtCreateKey + 6 772B46F6 4 Bytes [68, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtCreateKey + B 772B46FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtCreateMutant + 6 772B4736 4 Bytes [68, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtCreateMutant + B 772B473B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtCreateSection + 6 772B47D6 4 Bytes [A8, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtCreateSection + B 772B47DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtMapViewOfSection + B 772B4D1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenFile + 6 772B4DC6 4 Bytes [68, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenFile + B 772B4DCB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenKey + 6 772B4DF6 4 Bytes [A8, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenKey + B 772B4DFB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenKeyEx + B 772B4E0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenMutant + 6 772B4E46 4 Bytes [28, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenMutant + B 772B4E4B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenProcess + 6 772B4E76 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenProcess + 6 772B4E76 4 Bytes [68, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenProcess + B 772B4E7B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenProcessToken + 6 772B4E86 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenProcessToken + 6 772B4E86 4 Bytes [A8, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenProcessToken + B 772B4E8B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenProcessTokenEx + 6 772B4E96 4 Bytes [68, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenProcessTokenEx + B 772B4E9B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenSection + B 772B4EBB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenThread + 6 772B4EF6 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenThread + 6 772B4EF6 4 Bytes [28, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenThread + B 772B4EFB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenThreadToken + 6 772B4F06 4 Bytes [28, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenThreadToken + B 772B4F0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenThreadTokenEx + 6 772B4F16 4 Bytes [A8, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtOpenThreadTokenEx + B 772B4F1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtQueryAttributesFile + 6 772B5026 4 Bytes [A8, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtQueryAttributesFile + B 772B502B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtQueryFullAttributesFile + B 772B50DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtSetInformationFile + 6 772B5726 4 Bytes [28, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtSetInformationFile + B 772B572B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtSetInformationThread + 6 772B5786 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtSetInformationThread + B 772B578B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtUnmapViewOfSection + 6 772B5AA6 4 Bytes [28, 05, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ntdll.dll!NtUnmapViewOfSection + B 772B5AAB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] kernel32.dll!CreateProcessW 75EB202D 5 Bytes JMP 00180030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] kernel32.dll!CreateProcessA 75EB2062 5 Bytes JMP 00180070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SelectObject 762D61D0 5 Bytes JMP 003705F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SetTextColor 762D6622 5 Bytes JMP 00370A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SetBkMode 762D66CD 5 Bytes JMP 003708F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!DeleteObject 762D68B4 5 Bytes JMP 003701B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!DeleteDC 762D6A2C 5 Bytes JMP 00370170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!ExtSelectClipRgn 762D6C72 5 Bytes JMP 003702F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SelectClipRgn 762D6D84 5 Bytes JMP 003705B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetDeviceCaps 762D6E03 5 Bytes JMP 003703B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SetStretchBltMode 762D73CE 5 Bytes JMP 003706B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetCurrentObject 762D777C 5 Bytes JMP 00370370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetTextMetricsW 762D798F 5 Bytes JMP 00370E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!IntersectClipRect 762D7CCA 5 Bytes JMP 003703F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetTextAlign 762D7D15 5 Bytes JMP 00370D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SetTextAlign 762D7F92 5 Bytes JMP 003709F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!ExtTextOutW 762D8053 5 Bytes JMP 00370970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetClipBox 762D81F2 5 Bytes JMP 00370330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!MoveToEx 762D8A16 5 Bytes JMP 00370470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!CreateDCA 762D9975 5 Bytes JMP 003700B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!RestoreDC 762D9A10 5 Bytes JMP 00370530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SaveDC 762D9AD2 5 Bytes JMP 00370570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!StretchDIBits 762DAC38 5 Bytes JMP 00370770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetTextFaceW 762DB4CC 5 Bytes JMP 00370D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetTextExtentPoint32W 762DB535 5 Bytes JMP 00370670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetFontData 762DB8E8 5 Bytes JMP 00370C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!CreateDCW 762DBD21 5 Bytes JMP 003700F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!CreateICW 762DC660 5 Bytes JMP 00370130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!LineTo 762DCA20 5 Bytes JMP 00370430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SetWorldTransform 762DCB42 5 Bytes JMP 003706F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetTextMetricsA 762DCE46 5 Bytes JMP 00370DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!Rectangle 762DF5BE 5 Bytes JMP 003709B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SetICMMode 762DF8D4 5 Bytes JMP 00370DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!ExtTextOutA 762E0158 5 Bytes JMP 00370930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetTextExtentPoint32A 762E08BB 5 Bytes JMP 00370630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!Escape 762E0B0D 5 Bytes JMP 00370270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!ExtEscape 762E3472 5 Bytes JMP 003702B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetTextFaceA 762E3E49 5 Bytes JMP 00370CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SetPolyFillMode 762E6CE1 5 Bytes JMP 00370B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SetMiterLimit 762E6E54 5 Bytes JMP 00370B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!ResetDCW 762F031C 5 Bytes JMP 00370AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!EndPage 762F07CD 5 Bytes JMP 00370230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!GetGlyphOutlineW 762FC292 5 Bytes JMP 00370CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!CreateScalableFontResourceW 762FE8EF 5 Bytes JMP 00370BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!AddFontResourceW 762FECEB 5 Bytes JMP 00370BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!RemoveFontResourceW 762FF1E1 5 Bytes JMP 00370C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!AbortDoc 76304D37 5 Bytes JMP 00370030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!EndDoc 7630517E 5 Bytes JMP 003701F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!StartPage 76305269 5 Bytes JMP 00370730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!StartDocW 76305BB6 5 Bytes JMP 003707F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!BeginPath 7630635D 5 Bytes JMP 00370830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!SelectClipPath 763063B4 5 Bytes JMP 00370AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!CloseFigure 7630640F 5 Bytes JMP 00370070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!EndPath 76306466 5 Bytes JMP 00370A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!StrokePath 76306699 5 Bytes JMP 003707B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!FillPath 76306726 5 Bytes JMP 00370870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!PolylineTo 76306B94 5 Bytes JMP 003704F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!PolyBezierTo 76306C25 5 Bytes JMP 003704B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] GDI32.dll!PolyDraw 76306CD7 5 Bytes JMP 003708B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!ActivateKeyboardLayout 75BF817D 5 Bytes JMP 003804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!ScreenToClient 75BFC1F2 7 Bytes JMP 00380670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!RegisterClipboardFormatA 75BFE6B1 5 Bytes JMP 003802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!RegisterClipboardFormatW 75BFEDFD 5 Bytes JMP 003802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!SetCursor 75C052EA 5 Bytes JMP 00380530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!MonitorFromWindow 75C0590A 7 Bytes JMP 00380630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!PostMessageW 75C06225 5 Bytes JMP 003805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!IsWindowVisible 75C06939 7 Bytes JMP 003806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetClientRect 75C074B1 7 Bytes JMP 003805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!MapWindowPoints 75C07915 5 Bytes JMP 00380570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetParent 75C07AB3 7 Bytes JMP 003806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!SetClipboardData 75C14979 5 Bytes JMP 00380170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!EmptyClipboard 75C14A28 5 Bytes JMP 00380130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetClipboardData 75C14B47 5 Bytes JMP 00380030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!EnumClipboardFormats 75C14D98 5 Bytes JMP 003801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetClipboardFormatNameW 75C17EB2 5 Bytes JMP 00380230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!SetClipboardViewer 75C18F4D 5 Bytes JMP 003804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetClipboardFormatNameA 75C18F61 5 Bytes JMP 00380270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetOpenClipboardWindow 75C1902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetOpenClipboardWindow 75C1902F 5 Bytes JMP 003803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!ChangeClipboardChain 75C23425 5 Bytes JMP 00380430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetTopWindow 75C23A5D 7 Bytes JMP 00380730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!CloseClipboard 75C25BA7 5 Bytes JMP 003800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!OpenClipboard 75C25BB9 5 Bytes JMP 00380070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!IsClipboardFormatAvailable 75C25C3A 5 Bytes JMP 003800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetClipboardSequenceNumber 75C25C4E 5 Bytes JMP 00380330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetClipboardOwner 75C25C60 5 Bytes JMP 00380370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!CountClipboardFormats 75C25DC9 5 Bytes JMP 003801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!SetCursorPos 75C3C1D8 5 Bytes JMP 00380770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetClipboardViewer 75C54B57 5 Bytes JMP 00380470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] USER32.dll!GetPriorityClipboardFormat 75C54C59 5 Bytes JMP 003803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ole32.dll!OleSetClipboard 75D1F2FE 5 Bytes JMP 00390030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ole32.dll!OleIsCurrentClipboard 75D22489 5 Bytes JMP 00390070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[1096] ole32.dll!OleGetClipboard 75D4F825 5 Bytes JMP 003900B0 ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe[1968] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe[1968] ntdll.dll!NtProtectVirtualMemory 772B5000 5 Bytes JMP 71B42DD0 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe[1968] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe[1968] USER32.dll!NotifyWinEvent + 38F 75C0F628 4 Bytes [10, 3D, B4, 71] .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe[1968] USER32.dll!NotifyWinEvent + 48B 75C0F724 4 Bytes [C0, 3C, B4, 71] {SAR BYTE [ESP+ESI*4], 0x71} ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe[2892] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe[2892] C:\Windows\system32\user32.dll time/date stamp mismatch; unknown module: CFGMGR32.dllunknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe[2892] user32.dll!DeviceEventWorker + BC 75BF166F 5 Bytes JMP 71B44670 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe[2892] user32.dll!GetUserObjectInformationA + 697 75BF7B12 5 Bytes JMP 71B44AE0 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe[2892] user32.dll!NotifyWinEvent + 38F 75C0F628 4 Bytes [10, 3D, B4, 71] .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe[2892] user32.dll!NotifyWinEvent + 48B 75C0F724 4 Bytes [C0, 3C, B4, 71] {SAR BYTE [ESP+ESI*4], 0x71} .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe[2892] user32.dll!SetWindowsHookExA + 21 75C26E1B 5 Bytes JMP 71B44A60 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe[2892] user32.dll!SendMessageTimeoutA + 2A 75C26EC1 5 Bytes JMP 71B445E0 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe[2892] user32.dll!GetRawInputDeviceInfoW + 10 75C3CA3E 5 Bytes JMP 71B448B0 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe[2892] user32.dll!GetRawInputDeviceInfoA + E7 75C53CE0 5 Bytes JMP 71B44820 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\ushata.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3572] USER32.dll!GetWindowInfo 75C06A82 5 Bytes JMP 645CBB64 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3572] USER32.dll!MenuItemFromPoint + F 75C24B36 7 Bytes JMP 645C52C7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!NtCreateFile 772B46B0 5 Bytes JMP 6435C6E0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!NtFlushBuffersFile 772B4A40 5 Bytes JMP 6405D3A3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!NtQueryFullAttributesFile 772B50D0 5 Bytes JMP 6405D620 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!NtReadFile 772B53A0 5 Bytes JMP 6405D400 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!NtReadFileScatter 772B53B0 5 Bytes JMP 64C86F6A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!NtWriteFile 772B5B50 5 Bytes JMP 6435D5B0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!NtWriteFileGather 772B5B60 5 Bytes JMP 64C86F19 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!LdrLoadDll 772CF425 5 Bytes JMP 670A1F43 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 75EFC0A7 7 Bytes JMP 64BEEAD2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] kernel32.dll!CloseHandle + 38 75F005CF 7 Bytes JMP 64BEEAF5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] kernel32.dll!GetExitCodeProcess + 2C 75F0311D 7 Bytes JMP 6435913E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] USER32.dll!GetWindowInfo 75C06A82 5 Bytes JMP 64AF5F20 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] GDI32.dll!GetViewportOrgEx + 21C 762D85EB 7 Bytes JMP 64BEEA53 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8546F1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{99FEC47E-3078-416A-89FE-95DB532795E8} 86573440 Device \Driver\usbuhci \Device\USBPDO-0 867881F8 Device \Driver\usbuhci \Device\USBPDO-1 867881F8 Device \Driver\usbuhci \Device\USBPDO-2 867881F8 Device \Driver\usbuhci \Device\USBPDO-3 867881F8 Device \Driver\usbehci \Device\USBPDO-4 86793440 AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys Device \Driver\cdrom \Device\CdRom0 864971F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 8546C1F8 Device \Driver\atapi \Device\Ide\IdePort0 8546C1F8 Device \Driver\atapi \Device\Ide\IdePort1 8546C1F8 Device \Driver\atapi \Device\Ide\IdePort2 8546C1F8 Device \Driver\atapi \Device\Ide\IdePort3 8546C1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 8546C1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7 8546C1F8 Device \Driver\cdrom \Device\CdRom1 864971F8 Device \Driver\cdrom \Device\CdRom2 864971F8 Device \Driver\USBSTOR \Device\00000074 864A61F8 Device \Driver\USBSTOR \Device\00000075 864A61F8 Device \Driver\USBSTOR \Device\00000076 864A61F8 Device \Driver\USBSTOR \Device\00000077 864A61F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86573440 Device \Driver\USBSTOR \Device\00000078 864A61F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7C98939A-718A-4E88-A9B3-48D6FE7A1894} 86573440 Device \Driver\PCI_PNP0422 \Device\0000005a sptd.sys Device \Driver\PCI_PNP0422 \Device\0000005b sptd.sys AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys Device \Driver\usbuhci \Device\USBFDO-0 867881F8 Device \Driver\usbuhci \Device\USBFDO-1 867881F8 Device \Driver\usbuhci \Device\USBFDO-2 867881F8 Device \Driver\usbuhci \Device\USBFDO-3 867881F8 Device \Driver\usbehci \Device\USBFDO-4 86793440 Device \Driver\NetBT \Device\NetBT_Tcpip_{B8E3AF25-7084-4BF2-89DB-84A7AC36A521} 86573440 Device \Driver\a81o8ve6 \Device\Scsi\a81o8ve61Port5Path0Target0Lun0 867EC1F8 Device \Driver\awx8u9ia \Device\Scsi\awx8u9ia1Port4Path0Target0Lun0 8684D1F8 Device \Driver\awx8u9ia \Device\Scsi\awx8u9ia1 8684D1F8 Device \Driver\a81o8ve6 \Device\Scsi\a81o8ve61 867EC1F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8546c1f8]<< 8546c1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862f8460] 862f8460 Trace 3 CLASSPNP.SYS[89bb259e] -> nt!IofCallDriver -> [0x861a5918] 861a5918 Trace 5 ACPI.sys[8973c3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x861ab030] 861ab030 Trace \Driver\atapi[0x86194318] -> IRP_MJ_CREATE -> 0x8546c1f8 8546c1f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x1E 0x22 0xD5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0F 0x01 0x1B 0xD5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x73 0xB4 0xFE 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x01 0x80 0x35 0x60 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4A 0xC4 0x95 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3B 0xFD 0x52 0xC0 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x1E 0x22 0xD5 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0F 0x01 0x1B 0xD5 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x73 0xB4 0xFE 0x97 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x01 0x80 0x35 0x60 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4A 0xC4 0x95 0x57 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3B 0xFD 0x52 0xC0 ... ---- EOF - GMER 2.1 ----