GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-04 21:53:44 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 SAMSUNG_HD501LJ rev.CR100-12 465,76GB Running: pctegmzx.exe; Driver: C:\Users\Szef\AppData\Local\Temp\aftcraob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xCA421AD6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xCA4DE83C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xCA4225B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xCA42E6B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xCA42E704] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xCA42E89E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xCA42E626] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0xCA4DEC16] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xCA42E66E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0xCA4DEEA6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0xCA4DEF90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xCA42E858] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xCA4233A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xCA421B3C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0xCA4DF094] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xCA4DE914] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0xCA4DBAA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xCA4DECF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xCA421BA2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xCA426FE8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xCA423EE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xCA42E6E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xCA42E726] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xCA42E8C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xCA42E64C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xCA4264EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xCA42E7D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xCA42E696] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xCA4268D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xCA42E87C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xCA4DEA94] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xCA423CFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0xCA423A0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xCA421C08] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xCA421C6E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0xCA4DEDF2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xCA4217C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xCA421994] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xCA421922] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xCA42356C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xCA4236CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xCA421A1C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0xCA4DEB62] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xCA4231FC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xCA4DBAD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xCA421CD4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0xCA4DE9C6] INT 0x51 ? BD8F0558 INT 0x52 ? BD2807D8 INT 0x62 ? BC991058 INT 0x71 ? BD8F07D8 INT 0x72 ? BC991558 INT 0x82 ? BD280CD8 INT 0x92 ? BC99A7D8 INT 0xA2 ? BD280A58 INT 0xB1 ? BC99ACD8 INT 0xB2 ? BC991A58 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 E2E92B55 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E2ECCBB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB E2ED3FB0 4 Bytes [D6, 1A, 42, CA] {SALC ; SBB AL, [EDX-0x36]} .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 E2ED3FD8 4 Bytes CALL E2DE0A2A .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 E2ED4038 4 Bytes [B4, 25, 42, CA] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 E2ED408C 8 Bytes [B8, E6, 42, CA, 04, E7, 42, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 E2ED4098 4 Bytes CALL 8D3F0ADF .text ... .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0xC136D774] .vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xCC59469D] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xCC59D300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xCC5E0300, 0x1BEE, 0xE8000020] ? \Program Files\Alcohol Soft\Alcohol 120\Alcoholx.dll System nie może odnaleźć określonej ścieżki. ! ? \Program Files\DAEMON Tools Lite\Engine.dll System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1352] kernel32.dll!SetUnhandledExceptionFilter 7548F5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3528] kernel32.dll!SetUnhandledExceptionFilter 7548F5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs BBC5D1F8 AttachedDevice \FileSystem\Ntfs \Ntfs AFPAnsi.sys AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 NBVolUp.sys AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 NBVolUp.sys Device \Driver\usbuhci \Device\USBPDO-0 BCEE81F8 Device \Driver\usbuhci \Device\USBPDO-1 BCEE81F8 Device \Driver\usbuhci \Device\USBPDO-2 BCEE81F8 Device \Driver\usbehci \Device\USBPDO-3 BCEC8440 Device \Driver\usbuhci \Device\USBPDO-4 BCEE81F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7C48A9C6-D795-4397-86B1-39F4E4A2B96D} BCE5C1F8 Device \Driver\usbuhci \Device\USBPDO-5 BCEE81F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{6F468DF3-9FC6-4D52-8807-B755750CA70A} BCE5C1F8 Device \Driver\usbuhci \Device\USBPDO-6 BCEE81F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVolUp.sys Device \Driver\usbehci \Device\USBPDO-7 BCEC8440 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVolUp.sys Device \Driver\cdrom \Device\CdRom0 BCE2A1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 BBC5B1F8 Device \Driver\atapi \Device\Ide\IdePort0 BBC5B1F8 Device \Driver\atapi \Device\Ide\IdePort1 BBC5B1F8 Device \Driver\atapi \Device\Ide\IdePort2 BBC5B1F8 Device \Driver\atapi \Device\Ide\IdePort3 BBC5B1F8 Device \Driver\atapi \Device\Ide\IdePort4 BBC5B1F8 Device \Driver\atapi \Device\Ide\IdePort5 BBC5B1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 BBC5B1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 NBVolUp.sys Device \Driver\NetBT \Device\NetBt_Wins_Export BCE5C1F8 Device \Driver\USBSTOR \Device\00000084 BCCE01F8 Device \Driver\USBSTOR \Device\00000085 BCCE01F8 Device \Driver\USBSTOR \Device\00000086 BCCE01F8 Device \Driver\USBSTOR \Device\00000087 BCCE01F8 Device \Driver\USBSTOR \Device\00000088 BCCE01F8 Device \Driver\usbuhci \Device\USBFDO-0 BCEE81F8 Device \Driver\usbuhci \Device\USBFDO-1 BCEE81F8 Device \Driver\usbuhci \Device\USBFDO-2 BCEE81F8 Device \Driver\usbehci \Device\USBFDO-3 BCEC8440 Device \Driver\usbuhci \Device\USBFDO-4 BCEE81F8 Device \Driver\usbuhci \Device\USBFDO-5 BCEE81F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{97CAEDFD-707E-4B2E-88A2-86625625E93A} BCE5C1F8 Device \Driver\usbuhci \Device\USBFDO-6 BCEE81F8 Device \Driver\usbehci \Device\USBFDO-7 BCEC8440 Device \FileSystem\cdfs \Cdfs BBD571F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0xbbc5b1f8]<< bbc5b1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xbcb08880] bcb08880 Trace 3 CLASSPNP.SYS[c1a8559e] -> nt!IofCallDriver -> [0xbc98df08] bc98df08 Trace 5 ACPI.sys[c13923d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xbc9c6030] bc9c6030 Trace \Driver\atapi[0xbc997610] -> IRP_MJ_CREATE -> 0xbbc5b1f8 bbc5b1f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0x9D 0x81 0x10 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x77 0x0D 0x59 0x01 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4A 0xF2 0x24 0xD8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x32 0xD1 0x32 0x62 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCA 0x01 0x95 0x3B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0xBB 0x3A 0x07 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF0 0xA8 0xD4 0xB6 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA9 0x68 0xF3 0xBC ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xB7 0x25 0xAD 0x22 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x30 0x98 0xBC 0xD7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0x21 0x4F 0x91 0xDB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe 0xCA 0x1C 0x4C 0xFF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\CdRom1\LANLauncher.exe 0xA9 0x90 0x88 0x22 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\Intel 32\IDriver.exe 0xFA 0x4C 0x61 0xB9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\ehome\RegisterMCEApp.exe 0x9E 0x29 0xFB 0xF8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\Szef\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe 0x31 0x8F 0x81 0x53 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\Tropico 5\language.changer.exe 0xFF 0x15 0xF8 0x0B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\Szef\Downloads\kalypsotropico5hotfix\KalypsoTropico5Hotfix.exe 0xCA 0xD4 0xD3 0xA8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xEC 0xEE 0xFD 0x60 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0x22 0xB2 0x69 0x02 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x3A 0x83 0x91 0xB9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x91 0x9D 0xB6 0x9C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\Electronic Arts\The Sims Średniowiecze\Game\Bin\SimsMedievalLauncher.exe 0xE6 0xDF 0xAF 0x16 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe 0x3D 0x16 0xB2 0x1A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\CdRom1\Game\Bin\SIMSMEDIEVALLAUNCHER.EXE 0xF9 0x88 0x36 0x4B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\Electronic Arts\The Sims Średniowiecze Piraci i Bogaci\Game\Bin\SimsMedievalLauncher.exe 0x16 0x7A 0x01 0x4A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\CdRom1\Setup.exe 0x70 0xB2 0xF5 0x2A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\DNS Unlocker\dnskingston.exe 0x38 0xDD 0xBC 0x83 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\Tropico 5\AppData.exe 0x48 0x4D 0x22 0xBF ... ---- EOF - GMER 2.1 ----