GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-21 16:32:07
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\00000071 WDC_WD2500AAJS-00VTA0 rev.01.01B01
Running: 6hrcn56z.exe; Driver: C:\TEMP\pxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                            ZwClose [0xB0C2B618]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                            ZwCreateKey [0xB0C2B4D4]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                            ZwDeleteValueKey [0xB0C2B9B2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                            ZwDuplicateObject [0xB0C2B0AC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                            ZwOpenKey [0xB0C2B5AE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                            ZwOpenProcess [0xB0C2AFEC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                            ZwOpenThread [0xB0C2B050]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                            ZwQueryValueKey [0xB0C2B6CE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                            ZwRestoreKey [0xB0C2B68E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                            ZwSetValueKey [0xB0C2B80E]

INT 0x62        ?                                                                                                                                8A7C4CB8
INT 0x63        ?                                                                                                                                8A60FCB8
INT 0x73        ?                                                                                                                                8A794CB8
INT 0x83        ?                                                                                                                                8A794CB8

---- Kernel code sections - GMER 1.0.15 ----

.sptd1          C:\WINDOWS\system32\drivers\sptd.sys                                                                                             entry point in ".sptd1" section [0xB7F83B2E]
.text           USBPORT.SYS!DllUnload                                                                                                            B73768AC 5 Bytes  JMP 8A60F1C8 
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                         section is writeable [0xB64D23C0, 0x9B091A, 0xE8000020]
?               C:\WINDOWS\System32\Drivers\au5kw4zn.SYS                                                                                         suspicious PE modification
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                           section is writeable [0xAF640300, 0x3B6D8, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\ithsgt.sys                                                                                           section is writeable [0xAF5F0300, 0x21770, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                           section is writeable [0xB8428300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           D:\Programy\mozilla\firefox.exe[3520] ntdll.dll!LdrLoadDll                                                                       7C91632D 5 Bytes  JMP 01210C00 D:\Programy\mozilla\xul.dll (Mozilla Foundation)
.text           D:\Programy\mozilla\firefox.exe[3520] kernel32.dll!lstrlenW + 43                                                                 7C809AEC 7 Bytes  JMP 01447B4C D:\Programy\mozilla\xul.dll (Mozilla Foundation)
.text           D:\Programy\mozilla\firefox.exe[3520] kernel32.dll!MapViewOfFileEx + 6A                                                          7C80B9A0 7 Bytes  JMP 01447B29 D:\Programy\mozilla\xul.dll (Mozilla Foundation)
.text           D:\Programy\mozilla\firefox.exe[3520] kernel32.dll!ValidateLocale + B130                                                         7C844958 7 Bytes  JMP 01213FAC D:\Programy\mozilla\xul.dll (Mozilla Foundation)
.text           D:\Programy\mozilla\firefox.exe[3520] GDI32.dll!SetDIBitsToDevice + 20A                                                          77F19E14 7 Bytes  JMP 01447AAA D:\Programy\mozilla\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG]                                                                  [B7E8F232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR]                                                                   [B7E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                  [B7E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                               [B7E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                       [B7E8E914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                              [B7E8E856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                      [B7E8F0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                              [B7E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                               [B7EA2EB0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]                     003D0002
IAT             C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                           003D0000

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                           8A7931E8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                           aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                         aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\usbohci \Device\USBPDO-0                                                                                                 8A53C1E8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                                 8A5381E8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                        aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{60F71A69-B927-4C71-AB60-EAEB4B3E28B0}                                                         8925A1E8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                     8A6031E8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                               [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                               [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                                                      [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                                                      [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Cdrom \Device\CdRom1                                                                                                     8A6031E8
Device          \Driver\dtsoftbus01 \Device\00000073                                                                                             8A3BF1E8
Device          \Driver\Cdrom \Device\CdRom2                                                                                                     8A6031E8
Device          \Driver\Cdrom \Device\CdRom3                                                                                                     8A6031E8
Device          \Driver\Cdrom \Device\CdRom4                                                                                                     8A6031E8
Device          \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                                         8A3BF1E8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                          8925A1E8
Device          \Driver\PCI_PNP2316 \Device\0000004b                                                                                             sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device          \Driver\PCI_PNP2316 \Device\0000004b                                                                                             sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                        aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                                 8A53C1E8
Device          \Driver\usbehci \Device\USBFDO-1                                                                                                 8A5381E8
Device          \Driver\nvata \Device\NvAta0                                                                                                     8A7941E8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                892981E8
Device          \Driver\nvata \Device\NvAta1                                                                                                     8A7941E8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                      892981E8
Device          \Driver\au5kw4zn \Device\Scsi\au5kw4zn1                                                                                          8A5951E8
Device          \Driver\au5kw4zn \Device\Scsi\au5kw4zn1Port5Path0Target0Lun0                                                                     8A5951E8
Device          \FileSystem\Cdfs \Cdfs                                                                                                           8948F1E8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                              2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                           0xE3 0x28 0x9D 0xAD ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                              C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                     0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                  0x33 0xA7 0xDC 0x3F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                           0x0F 0x31 0xF4 0x79 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                              0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                              1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                           0xA3 0x9F 0x6C 0xEB ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                              D:\Programy\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                              D:\Programy\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                              0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                           0xF0 0x56 0xF2 0xBC ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                     0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                  0x6B 0x13 0xB4 0x1D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                            0xA6 0x08 0x6F 0x0D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                  0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                  1
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                               0x42 0xEA 0x97 0x76 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                  D:\Programy\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                      0xD9 0x62 0xC3 0xDE ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                 0xC7 0x5D 0xDF 0x2B ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                  D:\Programy\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                  0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                               0xF0 0x56 0xF2 0xBC ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                      0x6B 0x13 0xB4 0x1D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                0xC4 0xC0 0x64 0xFD ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                  0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                  1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                               0x52 0x77 0xF5 0xFC ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                      0xD9 0x62 0xC3 0xDE ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                 0x3C 0x41 0x6A 0x18 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                  D:\Programy\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                  0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                               0xF0 0x56 0xF2 0xBC ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                      0x6B 0x13 0xB4 0x1D ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                0xA6 0x08 0x6F 0x0D ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                  0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                  1
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                               0x52 0x77 0xF5 0xFC ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                      0xD9 0x62 0xC3 0xDE ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                 0x3C 0x41 0x6A 0x18 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                  D:\Programy\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                  0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                               0xF0 0x56 0xF2 0xBC ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                      0x6B 0x13 0xB4 0x1D ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                0xA6 0x08 0x6F 0x0D ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                  2
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                               0xE3 0x28 0x9D 0xAD ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                  C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                         0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                      0x33 0xA7 0xDC 0x3F ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)             
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                               0x0F 0x31 0xF4 0x79 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                  0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                  1
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                               0xA3 0x9F 0x6C 0xEB ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                  D:\Programy\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                  D:\Programy\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                  0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                               0xF0 0x56 0xF2 0xBC ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                      0x6B 0x13 0xB4 0x1D ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                0xA6 0x08 0x6F 0x0D ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                            
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG15.00.00.01PROFESSIONAL                                            6D79965961313ED77523F368300B40F88FF34DF53BD97DEF2A1840D48788B767E5B3C9C625F722C7880DCFE4684C72057C0AB5DFB0907CC4696F04084827E1D4CD011E30CC06D0EC3AE608D429CCD2468E65BE1A1F20A87B50689C9864DF3CC207D8D2FA4CA09E6EB5486DE700051441596468C14DD435157D46DBB0FBF39B5059052C7D3B20A1A50C21D2449F03AF2CD6BCB86AA4129C45F2A3966ECF3C1A4D71A26D845770B421B2351180DAE860F46474389733CC9BF5976B27E5492496BF5DA4E44FFD92F624011983AC2CEAA7B843E872452C1233C1355F6A9D702B326290CE5F933419CC25323A09C82ED2C94C1AC878E162FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407FEBC9E127BECC74C8EDD5E5BE2F6E667059AC6D81B868F2273F1B236B837E278856CDE67F2D5EE2F2355DC5A8719C5E3FCEB6F476767845EDE76572D35E413D64CDD7DEB8BA1AFD272DB6663134BCC8F6B3B7224F0743AF94AA5F8B278ECA33E7D02A85D38A6605B8162BB1C50AC09D55D047E039B2869E8F6DBA3C22A7ABADB2FB7E64185DFB2CFD8E80335CDA7D9367206F5DC9DFC3FC4B93A9640463772808C9EF48056C74D5A1A2F9540732B93565F44EF0E8171DDC9FCA3446E1CD558A4539DC4EB5DE2CBC9F6BD0
Reg             HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk                                                        0x15 0xC0 0xBD 0xC3 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk                                                        0xD1 0x46 0x9D 0x69 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7d6cb66c-0a82-4201-b0f9-3f381d08de85}@Model                                                         351
Reg             HKLM\SOFTWARE\Classes\CLSID\{7d6cb66c-0a82-4201-b0f9-3f381d08de85}@Therad                                                        26
Reg             HKLM\SOFTWARE\Classes\CLSID\{7d6cb66c-0a82-4201-b0f9-3f381d08de85}@MData                                                         0x73 0xD5 0xCF 0xB8 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{bdd63c15-a525-4fcb-bc19-6fb45b9008dc}@Model                                                         166
Reg             HKLM\SOFTWARE\Classes\CLSID\{bdd63c15-a525-4fcb-bc19-6fb45b9008dc}@Therad                                                        30
Reg             HKLM\SOFTWARE\Classes\CLSID\{bdd63c15-a525-4fcb-bc19-6fb45b9008dc}@MData                                                         0x2B 0x8F 0x78 0x29 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                            PE file @ sector 488392065

---- Files - GMER 1.0.15 ----

File            C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o8kpdujh.default\Cache\0\B9\BE0C6d01  22178 bytes
File            C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o8kpdujh.default\Cache\0\43\2A5EEd01  50766 bytes
File            C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o8kpdujh.default\Cache\0\7A\09940d01  26627 bytes
File            C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o8kpdujh.default\Cache\1\C6\B617Cd01  27671 bytes
File            C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o8kpdujh.default\Cache\1\29\B66A8d01  28654 bytes
File            C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o8kpdujh.default\Cache\6\D1\125BEd01  2391166 bytes
