GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-01 20:59:48 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-31 WDC_WD3200AAKS-00VYA0 rev.12.01B01 298,09GB Running: 21etgmt0.exe; Driver: C:\DOCUME~1\Artur\USTAWI~1\Temp\kwpoifog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAdjustPrivilegesToken [0xF3770090] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwConnectPort [0xF3770040] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateProcess [0xF3770020] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateProcessEx [0xF3770030] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSection [0xF3770000] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSymbolicLinkObject [0xF3770190] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThread [0xF37700F0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDebugActiveProcess [0xF3770130] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeleteKey [0xF3770280] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeleteValueKey [0xF37702A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeviceIoControlFile [0xF37702F0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDuplicateObject [0xF3770160] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwEnumerateKey [0xF37702B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwEnumerateValueKey [0xF37702C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadDriver [0xF3770140] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadKey [0xF3770240] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadKey2 [0xF3770250] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwMapViewOfSection [0xF3770170] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenProcess [0xF3770070] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenSection [0xF3770060] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenThread [0xF3770080] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwPlugPlayControl [0xF37701A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwProtectVirtualMemory [0xF37700B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryIntervalProfile [0xF3770560] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryKey [0xF37702D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryMultipleValueKey [0xF3770290] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryValueKey [0xF3770270] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueueApcThread [0xF3770110] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRenameKey [0xF37702E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwReplaceKey [0xF3770230] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRequestWaitReplyPort [0xF37701E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRestoreKey [0xF3770220] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeProcess [0xF3770580] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeThread [0xF37701B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSaveKey [0xF37701F0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSaveKeyEx [0xF3770200] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSaveMergedKeys [0xF3770210] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSecureConnectPort [0xF3770050] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetContextThread [0xF3770100] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationObject [0xF37700A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationToken [0xF3770010] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetSystemInformation [0xF3770150] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetValueKey [0xF3770260] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendProcess [0xF37701D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendThread [0xF37701C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSystemDebugControl [0xF3770120] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateProcess [0xF37700C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateThread [0xF37700D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwUnmapViewOfSection [0xF3770180] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwWriteVirtualMemory [0xF37700E0] INT 0x63 ? 8B519CB8 INT 0x63 ? 8B519CB8 INT 0x63 ? 8B519CB8 INT 0x73 ? 8B5CCCB8 INT 0x84 ? 8B519CB8 INT 0x84 ? 8B519CB8 INT 0x84 ? 8B519CB8 INT 0x94 ? 8B5CCCB8 INT 0x94 ? 8B5CCCB8 INT 0x94 ? 8B5CCCB8 INT 0x94 ? 8B5CCCB8 INT 0x94 ? 8B519CB8 INT 0x94 ? 8B519CB8 INT 0x94 ? 8B5CCCB8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2E0C 805046F4 12 Bytes [40, 01, 77, F3, 40, 02, 77, ...] {INC EAX; ADD [EDI-0xd], ESI; INC EAX; ADD DH, [EDI-0xd]; PUSH EAX; ADD DH, [EDI-0xd]} .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 805048A0 28 Bytes [20, 02, 77, F3, 80, 05, 77, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [D0, 01, 77, F3, C0, 01, 77, ...] {ROL BYTE [ECX], 0x1; JA 0xfffffff7; ROL BYTE [ECX], 0x77; AND [ECX], AL; JA 0xffffffff} .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF6E45774] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5F2E3C0, 0x843A2A, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB78E5300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7837300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[1856] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[1856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6A342DF0 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[1856] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[1856] C:\WINDOWS\system32\ADVAPI32.dll time/date stamp mismatch; unknown module: WINTRUST.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[1856] USER32.dll!AlignRects 7E362978 4 Bytes [60, 40, 34, 6A] {PUSHA ; INC EAX; XOR AL, 0x6a} .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[1856] USER32.dll!AlignRects 7E362A78 4 Bytes [10, 40, 34, 6A] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] C:\WINDOWS\system32\user32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] user32.dll!AlignRects 7E362978 4 Bytes [60, 40, 34, 6A] {PUSHA ; INC EAX; XOR AL, 0x6a} .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] user32.dll!AlignRects 7E362A78 4 Bytes [10, 40, 34, 6A] .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] user32.dll!MoveWindow + A3 7E37B341 5 Bytes JMP 6A344E30 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] user32.dll!UnhookWinEvent + 25 7E3818D1 5 Bytes JMP 6A344DB0 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] user32.dll!SetMenu + 1B 7E39F411 2 Bytes JMP 6A344930 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] user32.dll!SetMenu + 1E 7E39F414 2 Bytes [FA, EB] .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] user32.dll!GetRawInputDeviceInfoW + 10 7E3A6568 5 Bytes JMP 6A3449C0 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] user32.dll!GetRawInputDeviceInfoW + 68 7E3A65C0 5 Bytes JMP 6A344C00 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe[3920] user32.dll!GetRawInputDeviceInfoA + C1 7E3BAFCE 5 Bytes JMP 6A344B70 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\ushata.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8B5EE1F8 Device \FileSystem\Fastfat \FatCdrom 8A3511F8 AttachedDevice \Driver\Tcpip \Device\Ip kltdi.sys Device \Driver\usbuhci \Device\USBPDO-0 8B35D440 Device \Driver\usbuhci \Device\USBPDO-1 8B35D440 Device \Driver\usbuhci \Device\USBPDO-2 8B35D440 Device \Driver\usbehci \Device\USBPDO-3 8B3981F8 Device \Driver\usbuhci \Device\USBPDO-4 8B35D440 AttachedDevice \Driver\Tcpip \Device\Tcp kltdi.sys Device \Driver\usbuhci \Device\USBPDO-5 8B35D440 Device \Driver\usbuhci \Device\USBPDO-6 8B35D440 Device \Driver\usbehci \Device\USBPDO-7 8B3981F8 Device \Driver\Cdrom \Device\CdRom0 8B4921F8 Device \Driver\Cdrom \Device\CdRom1 8B4921F8 Device \Driver\atapi \Device\Ide\IdePort0 [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort1 [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort2 [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort3 [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort4 [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort5 [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort5 sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-31 [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-31 sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-26 [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-26 sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-19 [F6CCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-19 sfsync02.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{82268693-DED3-43ED-9769-39A4FE653FDC} 8A3A01F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3A01F8 Device \Driver\NetBT \Device\NetbiosSmb 8A3A01F8 AttachedDevice \Driver\Tcpip \Device\Udp kltdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp kltdi.sys Device \Driver\usbuhci \Device\USBFDO-0 8B35D440 Device \Driver\usbuhci \Device\USBFDO-1 8B35D440 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A3931F8 Device \Driver\usbuhci \Device\USBFDO-2 8B35D440 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A3931F8 Device \Driver\usbehci \Device\USBFDO-3 8B3981F8 Device \Driver\usbuhci \Device\USBFDO-4 8B35D440 Device \Driver\usbuhci \Device\USBFDO-5 8B35D440 Device \Driver\usbuhci \Device\USBFDO-6 8B35D440 Device \Driver\usbehci \Device\USBFDO-7 8B3981F8 Device \FileSystem\Fastfat \Fat 8A3511F8 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys Device \FileSystem\Cdfs \Cdfs 87B901F8 Device \FileSystem\Cdfs \Cdfs B753FBCE ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x71 0x5A 0x8B 0x8A ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120%\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xB0 0x94 0x0D 0xAE ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5C 0xEA 0x7A 0xD6 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0xB3 0x48 0xC6 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Daemon Tools\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC4 0x35 0x8F 0x42 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0xCE 0x88 0x2F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7E 0xB8 0xFC 0x3C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x08 0x96 0x70 0x80 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8A 0x28 0xAC 0x16 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x51 0xE7 0xC1 0x47 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Daemon Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC4 0x35 0x8F 0x42 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBE 0x1E 0xF3 0xC6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PDFSFilter\Parameters\{acc1aac4-8920-11e5-af9c-806d6172696f}@NumExtendFileExtentsSaved 172520 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{582e1d5c-9bdf-4455-afd1-0cb78e25deb2}@Model 360 Reg HKLM\SOFTWARE\Classes\CLSID\{582e1d5c-9bdf-4455-afd1-0cb78e25deb2}@Therad 21 Reg HKLM\SOFTWARE\Classes\CLSID\{582e1d5c-9bdf-4455-afd1-0cb78e25deb2}@MData 0x73 0xD5 0xCF 0xB8 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x44 0x22 0x32 0xDD ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 2.1 ----