GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2009-02-10 21:52:44 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwClose [0xBA66B028] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreateKey [0xBA66AFE0] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xBA65EB00] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcess [0xBAA5AC26] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcessEx [0xBAA5AC40] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateThread [0xBAA59DE4] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xBA65F5DC] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xBA66B120] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwLoadDriver [0xBAA5A10C] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwMapViewOfSection [0xBAA59B30] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xBA65EB40] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xBA66AFA4] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwOpenSection [0xBAA5A53E] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xBA65F5FC] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xBA66B076] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwRenameKey [0xBAA5B7DC] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) 
ZwSetSystemInformation [0xBAA5A38E] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xBA66A550] SSDT sptd.sys ZwSetValueKey [0xBA6C44AA] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendProcess [0xBAA599B6] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendThread [0xBAA59E18] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSystemDebugControl [0xBAA59F92] SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA07B7F20] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateThread [0xBAA59A6C] SSDT \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwWriteVirtualMemory [0xBAA59EDC] Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice ---- Kernel code sections - GMER 1.0.14 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2BFA 80503AD6 2 Bytes [ 66, BA ] .text ntkrnlpa.exe!ZwCallbackReturn + 2F88 80503E64 12 Bytes [ B6, 99, A5, BA, 18, 9E, A5, ... ] PAGE ntkrnlpa.exe!IoCreateDevice 805747E8 5 Bytes JMP BA408FA8 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) ? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
PAGENPNP NDIS.SYS!NdisRegisterProtocol BA3D917F 5 Bytes JMP BA408DBA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENPNP NDIS.SYS!NdisOpenAdapter BA3D9399 5 Bytes JMP BA409342 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENPNP NDIS.SYS!NdisCloseAdapter BA3E3642 5 Bytes JMP BA408EC6 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENPNP NDIS.SYS!NdisDeregisterProtocol BA3E3821 5 Bytes JMP BA40915E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDSP NDIS.SYS!NdisReturnPackets BA3E6810 5 Bytes JMP BA409BF4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDSP NDIS.SYS!NdisRequest BA3E697B 5 Bytes JMP BA40955A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDSP NDIS.SYS!NdisSend BA3E9986 5 Bytes JMP BA40A574 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDSP NDIS.SYS!NdisSendPackets BA3E99A3 5 Bytes JMP BA40A646 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDSP NDIS.SYS!NdisTransferData BA3E99BE 5 Bytes JMP BA409CF2 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDCO NDIS.SYS!NdisCoCreateVc BA3F0186 5 Bytes JMP BA408E24 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDCO NDIS.SYS!NdisCoDeleteVc BA3F1557 5 Bytes JMP BA408E92 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) PAGENDCO NDIS.SYS!NdisCoSendPackets BA3F1AF1 5 Bytes JMP BA40A35E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) .text USBPORT.SYS!DllUnload B96FB7AE 5 Bytes JMP 899411C8 ? System32\Drivers\ahje3lzq.SYS Das System kann die angegebene Datei nicht finden. ! 
---- User code sections - GMER 1.0.14 ---- .text C:\Dokumente und Einstellungen\Joe\Desktop\gmer.exe[4016] ADVAPI32.dll!CreateProcessAsUserW + 3 77DC63A8 2 Bytes [ 28, FA ] ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8A5C91E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{AB6FE4B1-EA63-40A1-ABB2-C19BEE5A2EB1} 894CF790 Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) Device \Driver\usbuhci \Device\USBPDO-0 8993A1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5CC1E8 Device \Driver\dmio \Device\DmControl\DmConfig 8A5CC1E8 Device \Driver\dmio \Device\DmControl\DmPnP 8A5CC1E8 Device \Driver\dmio \Device\DmControl\DmInfo 8A5CC1E8 Device \Driver\usbuhci \Device\USBPDO-1 8993A1E8 Device \Driver\usbehci \Device\USBPDO-2 899181E8 Device \Driver\usbehci \Device\USBPDO-3 899181E8 Device \Driver\PCI_NTPNP9558 \Device\00000060 sptd.sys Device \Driver\usbuhci \Device\USBPDO-4 8993A1E8 Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) Device \Driver\usbuhci \Device\USBPDO-5 8993A1E8 Device \Driver\usbuhci \Device\USBPDO-6 8993A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A55B1E8 Device \Driver\Cdrom \Device\CdRom0 8972D1A0 Device \FileSystem\Rdbss \Device\FsWrap 8955F220 Device \Driver\Cdrom \Device\CdRom1 8972D1A0 Device \Driver\iaStor \Device\Ide\iaStor0 8A55A1E8 Device \Driver\atapi \Device\Ide\IdePort0 89512008 Device \Driver\atapi \Device\Ide\IdePort1 89512008 Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 8A55A1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-5 89512008 Device \Driver\Cdrom \Device\CdRom2 8972D1A0 Device \Driver\Cdrom \Device\CdRom3 8972D1A0 Device \Driver\NetBT \Device\NetBt_Wins_Export 894CF790 Device \Driver\NetBT \Device\NetBT_Tcpip_{EB946169-16F8-4678-8017-1EF514BB6665} 894CF790 Device \Driver\NetBT \Device\NetbiosSmb 894CF790 Device \FileSystem\Srv \Device\LanmanServer 8954A2C8 Device \Driver\Tcpip \Device\Udp fsdfw.sys 
(F-Secure Internet Shield Driver/F-Secure Corporation) Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) Device \Driver\usbuhci \Device\USBFDO-0 8993A1E8 Device \Driver\usbuhci \Device\USBFDO-1 8993A1E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8958D790 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899D6360 Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) Device \Driver\usbehci \Device\USBFDO-2 899181E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8958D790 Device \FileSystem\MRxSmb \Device\LanmanRedirector 899D6360 Device \Driver\usbuhci \Device\USBFDO-3 8993A1E8 Device \FileSystem\Npfs \Device\NamedPipe 896E51E8 Device \Driver\usbuhci \Device\USBFDO-4 8993A1E8 Device \Driver\Ftdisk \Device\FtControl 8A55B1E8 Device \FileSystem\Msfs \Device\Mailslot 896E61E8 Device \Driver\usbuhci \Device\USBFDO-5 8993A1E8 Device \Driver\usbehci \Device\USBFDO-6 899181E8 Device \Driver\ahje3lzq \Device\Scsi\ahje3lzq1Port4Path0Target0Lun0 8978C008 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 887EDAE8 Device \Driver\ahje3lzq \Device\Scsi\ahje3lzq1Port4Path0Target1Lun0 8978C008 Device \Driver\a347scsi \Device\Scsi\a347scsi1 887EDAE8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 8A5CA1E8 Device \Driver\ahje3lzq \Device\Scsi\ahje3lzq1 8978C008 Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89745750 Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89745750 Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89745750 Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89745750 Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89745750 Device \FileSystem\Cdfs \Cdfs 896EA4D8 Device \FileSystem\Cdfs \Cdfs 89709030 ---- Modules - GMER 1.0.14 ---- Module _________ BA4F9000-BA511000 (98304 bytes) ---- Registry - GMER 1.0.14 ---- Reg 
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x98 0x24 0xB9 0x14 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0xAD 0xCF 0x78 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC7 0x11 0xD9 0xAC ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x56 0xE2 0xBF 0x90 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x98 0x24 0xB9 0x14 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0xAD 0xCF 0x78 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6A 0xDD 0xF4 0x51 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x23 0xFF 0xEA 0xEB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x98 0x24 0xB9 0x14 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0xAD 0xCF 0x78 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6A 0xDD 0xF4 0x51 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x23 0xFF 0xEA 0xEB ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x98 0x24 0xB9 0x14 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0xAD 0xCF 0x78 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0x1E 0x52 0x9C ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x23 0xFF 0xEA 0xEB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1843533705 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1044950574 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x98 0x24 0xB9 0x14 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0xAD 0xCF 0x78 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0xF7 0x71 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x79 0xAF 0xBD 0xAB ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x98 0x24 0xB9 0x14 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0xAD 0xCF 0x78 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0xF7 0x71 0x05 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x79 0xAF 0xBD 0xAB ... 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\GEOCOMP.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\MOBB200.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\QMLISTUI.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\ENCARTA.EXE 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\ENCARTAU.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\ENCARTAR.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\ENCSPLSH.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\EDICT.EXE 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\ENCSET.EXE 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\EDICTRES.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\CONTENTUPDATEDOWNLOADER.EXE 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\ESBSI.EXE 1 Reg 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\MICROSOFT.ENCARTA.UTILITY.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\MICROSOFT.ENCARTA.BTREE.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\MICROSOFT.ENCARTA.SEARCH.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\MICROSOFT.ENCARTA.FGSEARCH.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\MICROSOFT.ENCARTA.QUICKMATCHINTEROP.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\MSSPELL3.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\Microsoft Encarta\Microsoft Encarta 2008 \x2013 Lernen und Wissen DVD\CUSTSAT.DLL 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120% Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120% ---- EOF - GMER 1.0.14 ----