GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-21 15:36:25 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SI rev.1AG01118 931,51GB Running: u7zispm0.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys ---- Kernel code sections - GMER 2.2 ---- PAGE C:\Windows\system32\drivers\ataport.SYS!DllUnload fffff88000e1c4a0 12 bytes {MOV RAX, 0xfffffa80069bb2a0; JMP RAX} .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff8800745cd64 12 bytes {MOV RAX, 0xfffffa80081cb2a0; JMP RAX} ---- User code sections - GMER 2.2 ---- .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1088] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074cc87c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\Steam\Steam.exe[2448] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074cc103d 5 bytes JMP 0000000070661eb0 .text C:\Program Files (x86)\Steam\Steam.exe[2448] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000074cc1072 5 bytes JMP 0000000070661da0 .text C:\Program Files (x86)\Steam\Steam.exe[2448] C:\Windows\SysWOW64\detoured.dll!Detoured + 3 0000000073761003 2 bytes [76, 73] .text C:\Program Files (x86)\Steam\Steam.exe[2448] C:\Windows\SysWOW64\detoured.dll!Detoured + 22 0000000073761016 2 bytes [76, 73] .text C:\Program Files (x86)\Steam\Steam.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Program Files (x86)\Steam\Steam.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Program Files (x86)\Napisy24\Napisy24.exe[2600] C:\Windows\syswow64\USER32.dll!GetSysColor 0000000075267959 5 bytes JMP 000000000254f04a .text C:\Program Files (x86)\Napisy24\Napisy24.exe[2600] C:\Windows\syswow64\USER32.dll!FillRect 00000000752709a0 5 bytes JMP 000000000254f12a .text C:\Program Files (x86)\Napisy24\Napisy24.exe[2600] C:\Windows\syswow64\USER32.dll!GetSysColorBrush 000000007527308a 5 bytes JMP 000000000254f0ba .text C:\Program Files (x86)\Napisy24\Napisy24.exe[2600] C:\Windows\syswow64\USER32.dll!DrawEdge 0000000075276dd6 5 bytes JMP 000000000254f19a .text C:\Program Files (x86)\Napisy24\Napisy24.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Program Files (x86)\Napisy24\Napisy24.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3020] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074cc87c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Users\User\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Users\User\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Users\User\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Users\User\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Users\User\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Users\User\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Users\User\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Users\User\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!DispatchMessageW 0000000075267deb 4 bytes JMP 0000000061ce5ef0 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!DispatchMessageA 0000000075268103 4 bytes JMP 0000000061ce5ec0 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075268b9a 4 bytes JMP 0000000061ce6900 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007526a5e6 4 bytes JMP 0000000061ce67c0 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007526cdb4 5 bytes JMP 0000000061ce6060 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075270112 4 bytes JMP 0000000061ce6240 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075270dbe 5 bytes JMP 0000000061ce5f20 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075270e9a 5 bytes JMP 0000000061ce6320 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075270eba 5 bytes JMP 0000000061ce62c0 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000075271d34 4 bytes JMP 0000000061ce6180 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!DestroyWindow 0000000075271e6e 5 bytes JMP 0000000061ce6030 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect 000000007527260a 4 bytes JMP 0000000061ce6740 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!WindowFromPoint 0000000075272ddb 5 bytes JMP 0000000061ce5800 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075272ed1 5 bytes JMP 0000000061ce61c0 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!SetCursor 0000000075274076 5 bytes JMP 0000000061ce57e0 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075277ba7 4 bytes JMP 0000000061ce62a0 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!AnimateWindow 0000000075282b8d 4 bytes JMP 0000000061ce60e0 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow 00000000752830a6 4 bytes JMP 0000000061ce6670 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007528ed58 4 bytes JMP 0000000061ce61e0 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000764c5ea6 5 bytes JMP 0000000061ce5830 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000764cb895 5 bytes JMP 0000000061ce5aa0 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe[5348] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007740f9a1 7 bytes {MOV EDX, 0x2ce2e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007740fa1d 7 bytes {MOV EDX, 0x2ce1a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007740fb35 7 bytes {MOV EDX, 0x2ce168; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007740fbe5 7 bytes {MOV EDX, 0x2ce328; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007740fc15 7 bytes {MOV EDX, 0x2ce268; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007740fc2d 7 bytes {MOV EDX, 0x2ce128; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007740fc45 7 bytes {MOV EDX, 0x2ce3e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007740fc75 7 bytes {MOV EDX, 0x2ce428; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007740fcf5 7 bytes {MOV EDX, 0x2ce3a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007740fd0d 7 bytes {MOV EDX, 0x2ce368; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007740fd59 7 bytes {MOV EDX, 0x2ce068; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007740fe51 7 bytes {MOV EDX, 0x2ce0a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000774100a9 7 bytes {MOV EDX, 0x2ce028; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 000000007741100d 7 bytes {MOV EDX, 0x2ce1e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000774110b5 7 bytes {MOV EDX, 0x2ce2a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007741112d 7 bytes {MOV EDX, 0x2ce228; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077411331 7 bytes {MOV EDX, 0x2ce0e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001074f1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001074cc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800107569c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001075a98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010758f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa8006a942c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa8006a942c0 Device \Driver\abfzkhy1 \Device\Scsi\abfzkhy11Port1Path0Target0Lun0 fffffa8007fd92c0 Device \Driver\abfzkhy1 \Device\Scsi\abfzkhy11 fffffa8007fd92c0 Device \FileSystem\Ntfs \Ntfs fffffa800732f2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80081c92c0 Device \Driver\cdrom \Device\CdRom0 fffffa80088902c0 Device \Driver\cdrom \Device\CdRom1 fffffa80088902c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{DDF528CC-0E2A-429D-9F6F-D4A3CBC7CA2C} fffffa8007ec82c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80081c92c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8007dfd2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80081c92c0 Device \Driver\dtsoftbus01 \Device\0000006d fffffa8007dfd2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007ec82c0 Device \Driver\atapi \Device\ScsiPort0 fffffa8006a942c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80081c92c0 Device \Driver\abfzkhy1 \Device\ScsiPort1 fffffa8007fd92c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006a942c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa8006a942c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800770e060] fffffa800770e060 Trace 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80076c9680] fffffa80076c9680 Trace \Driver\atapi[0xfffffa80073f4ae0] -> IRP_MJ_CREATE -> 0xfffffa8006a942c0 fffffa8006a942c0 ---- Modules - GMER 2.2 ---- Module \SystemRoot\System32\Drivers\abfzkhy1.SYS fffff88007749000-fffff8800779a000 (331776 bytes) ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14728404729492280@SetupOperations ???j????Port drukarki?????R??g???????????????????????7???g?g?g????b??o?????????e?????????????????f??????p?????N??u?????????e?????????????g?g?g??ACPI\PNP0C02?*PNP0C02??????????????????????????o????? ???g??????????&????????f????????????N??g???S?????D? ??? ???d???n??????sM???????e?????????????????f????{4d36e97d-e325-11ce-bfc1-08002be10318}???????z???|???g?g????t????f???????????????????????f??? ???????f?????f???????0????????????????????? ???????f???????????b?0????????????????????? ???????f?????f???????0????????????????????? ???????f???????????b?0??????????????????????N??f???.????????????N??g???b?????DxS??Standardowa klawiatura PS/2?????? ???????f?????f?????????????????????????0????t??????????????????/??????s????????g??????????????????????????ACPI\PNP0C02?*PNP0C02??????????????????????????????????f?????????g?g????? ???????f?????????????0??L????????? ??????????????f???f???f?????f??? ???????f?????f???????0????????????&???????????????????????? ???????f?????f???????0????????????????????? ???????f???????????d?0??????? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14728405292502280@SetupOperations ????em??????????????HidUsb??????????????????????????? ???????????????????????????-??9b??????????????????Microsoft??????????????????????????????????????? ???????????????????????????Microsoft?????R?????????????????????????????????????input.inf:Standard.NTamd64:HID_Inst:6.1.7601.17514::generic_hid_device:usb\class_03&subclass_01:usb\class_03??????&??????????????????????,???????????d??? ~??????5???????????????????????????????S????X??????????????????????????????????????d???????????????????????????f?`?g?|????????????????????6-21-2006????????????????????????????????????????????i?????sch???????????????????????????????????????????b???b????X??????????????????????????@??????s???????????????????????pl???????????e????????6?????????????? ???????e?????C:\????????????????????????????????????????????~?????????????????????? ??le??.NT?????? N??????e?????xe????????????r?? F??????os??t????????????t??????1.??????????? ??????????????????Custom???????????????&?????d13???????????c???????d???????????M???W??system32\drivers\drmkaud.sy Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0615b9 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0615b9@a4e7318038e3 0x0B 0xC0 0xD9 0x81 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xAF 0x48 0xF4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB9 0x69 0x52 0x03 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA5 0x66 0xEB 0xBF ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14728404729492280@SetupOperations ????do????????????????????????????????????????????????????N???????????D???????`??????0??????????sy??? ??????????????t????????????????e????????????????????????N????????????DSB??????e???????????? ?????????????????????,??.?????????????????????????????????????????????????????????????????? ???????????????????????????? ?2???????????{745a17a0-74d3-11d0-b6fe-00a0c90f57da}\0027???????&?????????????????????? ?????????????????????,??????????????????????s?????? ???????,??????????????????????????&???????????????????????????????????????? ???????? ????????????0????????????&???????????????????????? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????????????????????????????????????????????????input.inf???? ??????????????????HID_Inst????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????????????????HID_Inst????? ??????????????????.NT?????? ?????????????????????0????????????????????????????????????????? ?????????????????????0??? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14728405292502280@SetupOperations ????????? ????????????????????????"?????b???????????????GT-S6500D ?devicename%;Sterownik woluminu systemu plik?w WPD????p?%SystemRoot%\system32\wpdshext.dll,-701???????I?????????????????%SystemRoot%\system32\wpdshext.dll,-701???X?%SystemRoot%\system32\wpdshext.dll,-701??l????N?????????D???? ?????????????????????,??(???$? ?????????????s???????d?????????????????????? ?????????????????????,????????????????????????????? ?????????????????????,?????????????????????y??????????? ????????????????????????????"??????????f??%SystemRoot%\system32\wpdshext.dll,-701??cX?{8407966d-3982-11e6-9a6e-a7652538a2e9}????`?{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}?b????Fi??VolumeSnapshot?t?t???????t???????????n??f?p?????????????????????????g%8?????????????????????????uj??BFE?????? ?????????????????????0????????????????????{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}\0000???H?@scrawpdo.inf,%msft%;Microsoft????8?????????????????????????65X?acpi.inf_amd64_neutral_2a841284c9de8962???8??????????????????????????????????????u????????????????? Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0615b9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0615b9@a4e7318038e3 0x0B 0xC0 0xD9 0x81 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xAF 0x48 0xF4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB9 0x69 0x52 0x03 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA5 0x66 0xEB 0xBF ... ---- EOF - GMER 2.2 ----