Re: prosím o kontrolu logu
Napsal: 29 říj 2009 17:03
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-29 16:55:35
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Vista\AppData\Local\Temp\uglcypow.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 873CBF00
INT 0x52 ? 873CBF00
INT 0x72 ? 873CBF00
INT 0x72 ? 873CBF00
INT 0x82 ? 8592ABF8
INT 0x92 ? 84F9BBF8
INT 0xA2 ? 84F9BBF8
INT 0xB3 ? 873CBF00
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spbs.sys Systém nemůže nalézt uvedenou cestu. !
.text USBPORT.SYS!DllUnload 8F03641B 5 Bytes JMP 873CB4E0
.text a21br4zj.SYS 8F58F000 22 Bytes [82, 73, 5C, 82, 6C, 72, 5C, ...]
.text a21br4zj.SYS 8F58F017 45 Bytes [00, 32, C7, 79, 8A, 3D, C5, ...]
.text a21br4zj.SYS 8F58F045 135 Bytes [DA, 2A, 82, FD, 59, 24, 82, ...]
.text a21br4zj.SYS 8F58F0CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]
.text a21br4zj.SYS 8F58F0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[940] kernel32.dll!SetUnhandledExceptionFilter 76C0A84F 4 Bytes [C2, 04, 00, 00]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8A6936D2] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8A693040] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8A6937FC] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8A6930BE] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8A69313C] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8A6A3048] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortNotification] 24488B66
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8DC80320
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8F5B4FBC] \SystemRoot\System32\Drivers\a21br4zj.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0001E4E4
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortReadPortUshort] 5B4FC8A1
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 8D526A8F
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortInitialize] 00009A88
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortDeviceStateChange] 8D076A50
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8592D1F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \FileSystem\fastfat \FatCdrom 8935A1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 859281F8
---- Threads - GMER 1.0.15 ----
Thread System [4:440] 890AF790
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b3a595
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b3a595@001979cea2fd 0x2A 0x65 0x7F 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0xB2 0xA8 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x10 0xF4 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1C 0xC6 0xA7 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37b3a595 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37b3a595@001979cea2fd 0x2A 0x65 0x7F 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0xB2 0xA8 0x51 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x10 0xF4 0x39 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1C 0xC6 0xA7 0xD3 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----
Rootkit scan 2009-10-29 16:55:35
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Vista\AppData\Local\Temp\uglcypow.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 873CBF00
INT 0x52 ? 873CBF00
INT 0x72 ? 873CBF00
INT 0x72 ? 873CBF00
INT 0x82 ? 8592ABF8
INT 0x92 ? 84F9BBF8
INT 0xA2 ? 84F9BBF8
INT 0xB3 ? 873CBF00
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spbs.sys Systém nemůže nalézt uvedenou cestu. !
.text USBPORT.SYS!DllUnload 8F03641B 5 Bytes JMP 873CB4E0
.text a21br4zj.SYS 8F58F000 22 Bytes [82, 73, 5C, 82, 6C, 72, 5C, ...]
.text a21br4zj.SYS 8F58F017 45 Bytes [00, 32, C7, 79, 8A, 3D, C5, ...]
.text a21br4zj.SYS 8F58F045 135 Bytes [DA, 2A, 82, FD, 59, 24, 82, ...]
.text a21br4zj.SYS 8F58F0CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]
.text a21br4zj.SYS 8F58F0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[940] kernel32.dll!SetUnhandledExceptionFilter 76C0A84F 4 Bytes [C2, 04, 00, 00]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8A6936D2] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8A693040] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8A6937FC] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8A6930BE] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8A69313C] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8A6A3048] \SystemRoot\System32\Drivers\spbs.sys
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortNotification] 24488B66
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8DC80320
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8F5B4FBC] \SystemRoot\System32\Drivers\a21br4zj.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0001E4E4
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortReadPortUshort] 5B4FC8A1
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 8D526A8F
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortInitialize] 00009A88
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
IAT \SystemRoot\System32\Drivers\a21br4zj.SYS[ataport.SYS!AtaPortDeviceStateChange] 8D076A50
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8592D1F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \FileSystem\fastfat \FatCdrom 8935A1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 859281F8
---- Threads - GMER 1.0.15 ----
Thread System [4:440] 890AF790
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b3a595
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b3a595@001979cea2fd 0x2A 0x65 0x7F 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0xB2 0xA8 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x10 0xF4 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1C 0xC6 0xA7 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37b3a595 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37b3a595@001979cea2fd 0x2A 0x65 0x7F 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0xB2 0xA8 0x51 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x10 0xF4 0x39 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1C 0xC6 0xA7 0xD3 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----