GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-20 20:17:42
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 WDC_WD5000AAKS-00UU3A0 rev.01.03B01 465,76GB
Running: rzcpopql.exe; Driver: C:\Users\Fikus\AppData\Local\Temp\aftcaaob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwAddBootEntry [0x90E52BA6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwAssignProcessToJobObject [0x90E53684]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwCreateEvent [0x90E5F6F8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwCreateEventPair [0x90E5F744]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwCreateIoCompletion [0x90E5F8DE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwCreateMutant [0x90E5F666]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                             ZwCreateSection [0x90F09DF0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwCreateSemaphore [0x90E5F6AE]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                             ZwCreateThread [0x90F0A080]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                             ZwCreateThreadEx [0x90F0A16A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwCreateTimer [0x90E5F898]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwDebugActiveProcess [0x90E54472]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwDeleteBootEntry [0x90E52C0C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwDuplicateObject [0x90E57C68]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwLoadDriver [0x90E527F8]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                             ZwMapViewOfSection [0x90F09ED0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwModifyBootEntry [0x90E52C72]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwNotifyChangeKey [0x90E5805E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwNotifyChangeMultipleKeys [0x90E54F5A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwOpenEvent [0x90E5F722]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwOpenEventPair [0x90E5F766]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwOpenIoCompletion [0x90E5F902]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwOpenMutant [0x90E5F68C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwOpenProcess [0x90E57560]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwOpenSection [0x90E5F816]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwOpenSemaphore [0x90E5F6D6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwOpenThread [0x90E5794C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwOpenTimer [0x90E5F8BC]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                             ZwProtectVirtualMemory [0x90F09C6E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwQueryObject [0x90E54DCE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwQueueApcThreadEx [0x90E54ADC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwSetBootEntryOrder [0x90E52CD8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwSetBootOptions [0x90E52D3E]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                             ZwSetContextThread [0x90F09FCC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwSetSystemInformation [0x90E52892]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwSetSystemPowerState [0x90E52A64]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwShutdownSystem [0x90E529F2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwSuspendProcess [0x90E5463C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwSuspendThread [0x90E5479E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwSystemDebugControl [0x90E52AEC]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                             ZwTerminateProcess [0x90F09D3C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwTerminateThread [0x90E542CC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                            ZwVdmControl [0x90E52DA4]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                             ZwWriteVirtualMemory [0x90F09BA0]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                                    8344E589 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                             83473092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 214                                                                                                8347A824 4 Bytes  [A6, 2B, E5, 90] {CMPSB ; SUB ESP, EBP; NOP }
.text           ntkrnlpa.exe!RtlSidHashLookup + 29C                                                                                                8347A8AC 4 Bytes  [84, 36, E5, 90] {TEST [ESI], DH; IN EAX, 0x90}
.text           ntkrnlpa.exe!RtlSidHashLookup + 2F0                                                                                                8347A900 8 Bytes  [F8, F6, E5, 90, 44, F7, E5, ...] {CLC ; MUL CH; NOP ; INC ESP; MUL EBP; NOP }
.text           ntkrnlpa.exe!RtlSidHashLookup + 2FC                                                                                                8347A90C 4 Bytes  [DE, F8, E5, 90] {FDIVP ST0, ST0; IN EAX, 0x90}
.text           ntkrnlpa.exe!RtlSidHashLookup + 318                                                                                                8347A928 4 Bytes  [66, F6, E5, 90] {MUL CH; NOP }
.text           ...                                                                                                                                
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                                        836785CA 4 Bytes  CALL 90E55641 \SystemRoot\system32\drivers\aswSnx.sys
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                                       836806A5 4 Bytes  CALL 90E55657 \SystemRoot\system32\drivers\aswSnx.sys
.sptd1          C:\Windows\System32\Drivers\sptd.sys                                                                                               entry point in ".sptd1" section [0x8B9A0346]
?               C:\Windows\System32\Drivers\auyfltui.SYS                                                                                           suspicious PE modification
?               C:\Windows\system32\drivers\IOMap.sys                                                                                              Nie można odnaleźć określonego pliku. ! [English: "The system cannot find the file specified."]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[356] kernel32.dll!GetBinaryTypeW + 70            77BE7984 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[384] kernel32.dll!GetBinaryTypeW + 70                                                                77BE7984 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[444] kernel32.dll!GetBinaryTypeW + 70                                                              77BE7984 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[456] kernel32.dll!GetBinaryTypeW + 70                                                                77BE7984 1 Byte  [62]
.text           C:\Windows\system32\services.exe[492] kernel32.dll!GetBinaryTypeW + 70                                                             77BE7984 1 Byte  [62]
.text           ...                                                                                                                                
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1548] kernel32.dll!SetUnhandledExceptionFilter                                  77BD3162 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1548] kernel32.dll!GetBinaryTypeW + 70                                          77BE7984 1 Byte  [62]
.text           C:\Windows\system32\WLANExt.exe[1556] kernel32.dll!GetBinaryTypeW + 70                                                             77BE7984 1 Byte  [62]
.text           C:\Windows\system32\conhost.exe[1564] kernel32.dll!GetBinaryTypeW + 70                                                             77BE7984 1 Byte  [62]
.text           C:\Program Files\Ralink\Common\RaRegistry.exe[1632] kernel32.dll!GetBinaryTypeW + 70                                               77BE7984 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[1752] kernel32.dll!GetBinaryTypeW + 70                                                             77BE7984 1 Byte  [62]
.text           ...                                                                                                                                
.text           C:\Program Files\AVAST Software\Avast\avastui.exe[2844] kernel32.dll!SetUnhandledExceptionFilter                                   77BD3162 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text           C:\Program Files\AVAST Software\Avast\avastui.exe[2844] kernel32.dll!GetBinaryTypeW + 70                                           77BE7984 1 Byte  [62]
.text           C:\Windows\Explorer.EXE[2860] kernel32.dll!GetBinaryTypeW + 70                                                                     77BE7984 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[2868] kernel32.dll!GetBinaryTypeW + 70                                                            77BE7984 1 Byte  [62]
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe[2884] kernel32.dll!GetBinaryTypeW + 70    77BE7984 1 Byte  [62]
.text           C:\Windows\system32\conhost.exe[2896] kernel32.dll!GetBinaryTypeW + 70                                                             77BE7984 1 Byte  [62]
.text           ...                                                                                                                                
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] ntdll.dll!NtCreateFile                                                          77A74870 5 Bytes  JMP 6357D441 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] ntdll.dll!NtFlushBuffersFile                                                    77A74C00 5 Bytes  JMP 6357D181 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] ntdll.dll!NtQueryFullAttributesFile                                             77A75290 5 Bytes  JMP 6357D2B9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] ntdll.dll!NtReadFile                                                            77A75560 5 Bytes  JMP 6357D1BB C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] ntdll.dll!NtReadFileScatter                                                     77A75570 5 Bytes  JMP 63963D7D C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] ntdll.dll!NtWriteFile                                                           77A75D10 5 Bytes  JMP 6357D5E5 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] ntdll.dll!NtWriteFileGather                                                     77A75D20 5 Bytes  JMP 63963DCD C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] ntdll.dll!LdrUnloadDll                                                          77A8BEAF 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 16F                                  77BCC0CF 7 Bytes  JMP 6394ECDA C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] KERNEL32.dll!CloseHandle + 38                                                   77BD060F 7 Bytes  JMP 6395041B C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] KERNEL32.dll!GetExitCodeProcess + 2C                                            77BD315D 7 Bytes  JMP 6370497B C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] KERNEL32.dll!GetBinaryTypeW + 70                                                77BE7984 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] USER32.dll!GetWindowInfo                                                        775F6A82 5 Bytes  JMP 6443FA10 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4088] GDI32.dll!GetViewportOrgEx + 21C                                                775885EB 7 Bytes  JMP 6394D492 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Ralink\Common\RaUI.exe[4224] kernel32.dll!GetBinaryTypeW + 70                                                     77BE7984 1 Byte  [62]
.text           C:\Program Files\Realtek\Realtek Wireless LAN Utility\RtlWake.exe[4236] kernel32.dll!GetBinaryTypeW + 70                           77BE7984 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4420] kernel32.dll!GetBinaryTypeW + 70                                      77BE7984 1 Byte  [62]
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[4576] kernel32.dll!GetBinaryTypeW + 70  77BE7984 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[4768] kernel32.dll!GetBinaryTypeW + 70                                                             77BE7984 1 Byte  [62]
.text           ...                                                                                                                                

---- User IAT/EAT - GMER 2.1 ----

IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                    [746A2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                               [74685624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                              [746856E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                     [746A250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                           [74698573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                             [74694D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                            [746950CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                           [746951A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                  [746966D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                            [746982CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                       [74698819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                     [7469907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                           [7469E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                               [74694C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                             85D701F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                      8846B1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{F5DE582E-B572-49BF-B4F2-DC84F0A29FF6}                                                           86D721F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                   870B0430
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                   870B0430
Device          \Driver\usbehci \Device\USBPDO-2                                                                                                   86FEC430
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                   870B0430
Device          \Driver\PCI_PNP8406 \Device\00000061                                                                                               sptd.sys
Device          \Driver\PCI_PNP8406 \Device\00000061                                                                                               sptd.sys
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                   870B0430
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                   870B0430
Device          \Driver\usbehci \Device\USBPDO-6                                                                                                   86FEC430
Device          \Driver\cdrom \Device\CdRom0                                                                                                       86CB41F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2                                                                                        85D6E1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                 85D6E1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                 85D6E1F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                 85D6E1F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                 85D6E1F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                                 85D6E1F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                                 85D6E1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-1                                                                                        85D6E1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                                       86CB41F8
Device          \Driver\cdrom \Device\CdRom2                                                                                                       86CB41F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                            86D721F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                   870B0430
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                   870B0430
Device          \Driver\usbehci \Device\USBFDO-2                                                                                                   86FEC430
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                                   870B0430
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                   870B0430
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                   870B0430
Device          \Driver\usbehci \Device\USBFDO-6                                                                                                   86FEC430
Device          \Driver\auyfltui \Device\Scsi\auyfltui1Port6Path0Target0Lun0                                                                       86F6E430
Device          \Driver\auyfltui \Device\Scsi\auyfltui1                                                                                            86F6E430
Device          \Driver\auyfltui \Device\Scsi\auyfltui1Port6Path0Target1Lun0                                                                       86F6E430
Device          \FileSystem\fastfat \Fat                                                                                                           8846B1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                           fltmgr.sys

Device          \FileSystem\cdfs \Cdfs                                                                                                             889961F8

---- Trace I/O - GMER 2.1 ----

Trace           ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85d6e1f8]<<                                                  85d6e1f8
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ba3030]                                                                            86ba3030
Trace           3 CLASSPNP.SYS[8c0ee59e] -> nt!IofCallDriver -> [0x86ad5918]                                                                       86ad5918
Trace           5 ACPI.sys[83bb03b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0x86ab9908]                                              86ab9908
Trace           \Driver\atapi[0x86aab728] -> IRP_MJ_CREATE -> 0x85d6e1f8                                                                           85d6e1f8

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                                 ???n??????N??o???????????d????????????????????h??o???l???I???????????????????????t??????????.NT?7A?????????????g??????<??p????????h??????????????????????????????????/??????????????????????????????????? ???v???????????????????????????????????d??FAT12/16/32 File System Driver????????(??n??????p???@%SystemRoot%\system32\clfs.sys,-101??????,??o????????h?????system32\drivers\fileinfo.sys?????8??n????????h?????5648????5624??????N????????????DTA??????????Sterownik stacji dysk?w CD-ROM???????????????????????????????????:???d????8??o????????h??????????????????????????????????????????????????????????????o????????????????????2??o???\????hys,???????????n??????????????? ???????????????????n?1????????B????????????????????4????????B??n??????????usbui.dll,USBHubPropPageProvider?????n?n????? ???????n?????n???????1????????????????????? ???????n???????????n?1?????????????????????????????v???m???????????????e???n?n?n?????n???????????????????????????t?????????????,???????????n?n?n?n?n?n?n?n?n?n?n?n?n???????????T?????s3?????h????
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                            ???l????LegacyDriver????disk?????l?k?l?o?p?k?k???e?k?k?k?k?o?k??6-21-2006???WUDFRd???????????????????????????????7??????s????????????-???F??????????????????????????????????t??????????????????????????.0???5???? ???????k?????k?????k?.??????????3??????????0????N??l??? ????D?????? ???????k???????????k?.????????P???????????????????????????????http???????????????k?&???????l??????p????U?W?k?j?k?o?k???????????????????????g?k?k?k?k?k?k?????????????g?????? ??<??????p???????????WPD????????????? ????????????k??????????DiskDrive????????????C???????????????????????f?k?l?k?l?l?l??? ???????k?????k?????k?.??????????4??????????0???????l???4??s0???k??? ???????k???????????k?.????????P????????????????????8???????f?g?p?k?????i???l?????k?&???????o?????????????????s????LegacyDriver??????N??l????????D???????N????????????5????????????? ???????????????????????????l???????????????? ??T??????????????????????t???? ???????????????l???l???????????????????????????????l???????????????????????????u??????.NTx86?????????????????????s?????e?f?l?
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                   
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                             0x1D 0x5F 0x7F 0x26 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                          
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                       0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                    0x65 0xE6 0x9A 0x91 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                   
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                             0x52 0xD5 0x7A 0x14 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41                                   
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                             0xF1 0x01 0x97 0x50 ...
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                                     ???n?n????:??p????????h???????????????????????????6??|????????h??????n??????????? ???????n???????????s?-????????P?????????????s?????? `?????????????????? l???????????????????????????????????????????????????X??????9???C??? `??????????????l??????????????????????????????????????????????????????????????? ???????n?????????????.?????????????????f??umb\umbus???? ???????n?????n???????1??L????????? ??????????????n???n???n????????? ???????n?????n???????1????????????&???????????????????????? ???????n?????n???????1????????????????????? ???????n???????????k?1?????????????????????????n??????????umbus.inf:Microsoft.NTx86:UmBus_Device:6.1.7600.16385:umb\umbus??????????????????????n?n???????n????? ???????n?????n???????1????????????????????Microsoft???? ???????n???????????m?1?????????????????????????l???????????????????????????n?n???????n????? ???????n?????n???????1???????????????????????n???n???n????????? ???????n???????????m?1?????????????????????????m??????????????????????????.NT????????n????? ???????n ????n???????1???????
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                                ???l?2????`??????3???8???l??H:\?A}??{71a27cdd-812a-11d0-bec7-08002be2092f}\0007??????l????????????????????(??l???1???1??ms_agilevpnminiport??1???????????????1???????l????????????????????????????????????????????X?????????????????P?????>????????g????WPD??????????????????e???????e???l?l????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}???????l???????????l???????????????s???????????????3??? ???????k?????l?????k?.??????????C? ???????????7&15f52de7&0?????l??? ???????l???????????f?.????????P????????????????????0?????????????l?&???l?????l?&???????e??????s????l????n????????g??????B????????????????n????PNP_TDI???????N??n????????????????N??n???n????Dtat???k?k?k?l?o???f?k?l?l?m????????????????????????????????X??????????0???????????????????????l???????e???????e???l?l?l??? ???????k?????l?????k?.??????????E? ???????Dt????N??l????????D?????? ???????l???????????k?.????????\???????????7&29254a25&0?7?????????????????????l?&??6&9a06e53&0??t??SW\{eeab7790-c514-11d1-b42b-00805fc1270e}????????l??Enable???4???????k???3?
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                               
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                    C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                    0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                 0x1D 0x5F 0x7F 0x26 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                           0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                        0x65 0xE6 0x9A 0x91 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                 0x52 0xD5 0x7A 0x14 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                                 0xF1 0x01 0x97 0x50 ...

---- EOF - GMER 2.1 ----
