Re: Win32/Mebroot.K
Posted: 11 Jul 2008 19:29
So the Norman scan is finished; here is the log:
Norman SinowalMBR Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/05/13 16:21:18
Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/05/13 16:21:18, Variants: 0
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: LUKAS-NEW\Lukas a Misa
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Scan started: 11/07/2008 18:58:48
Scanning bootsectors...
No SinowalMBR hooks found
Number of sectors found: 2
Number of sectors scanned: 2
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 328ms
Scanning running processes and process memory...
Number of processes/threads found: 1962
Number of processes/threads scanned: 1962
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 11s
Scanning file system...
Scanning: C:\*.*
C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error)
C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)
Scanning: E:\*.*
Scanning: F:\*.*
Running post-scan cleanup routine:
Number of files found: 289821
Number of archives unpacked: 1752
Number of files scanned: 289779
Number of files not scanned: 42
Number of files skipped due to exclude list: 0
Number of infected files found: 1
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1h 14m 54s
I restarted the PC; if I understood correctly that a self-cleaning was supposed to take place, it did not. I moved the file in question from the Nero directory into NOD's quarantine.
Now the mbr.exe log:
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x25429800 size 0x2c3 !
copy of MBR has been found in sector 62 !
... still the same.
An on-demand scan of the boot sectors of the individual disks with NOD found no infection.
The complete GMER scan is here:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-11 20:28:40
Windows 5.1.2600 Service Pack 3
---- Kernel code sections - GMER 1.0.14 ----
? C:\DOCUME~1\LUKASA~1\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1876] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x36 0x4D 0x06 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE6 0x20 0xE8 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0x99 0x37 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB3 0xBB 0xF4 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x36 0x4D 0x06 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE6 0x20 0xE8 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0x99 0x37 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB3 0xBB 0xF4 0x11 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x36 0x4D 0x06 0x1A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE6 0x20 0xE8 0xB1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0x99 0x37 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB3 0xBB 0xF4 0x11 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Dveře\Door Hasp Catching.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Dveře\Gallactic Door MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Dveře\Gate Squeek.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Dveře\Heavy Door Latch MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Dveře\Heavy Latch w_Rev.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Dveře\Sand Bag Dragging2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Dveře\Sledge Striking Anvil.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Gag\Bone Crush.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Gag\Poke.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Gag\Slip-Fall.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Gag\Smack.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Gag\Whip Crack Vx.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Gag\Whip Crack.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Alligator Hiss.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Deep Resonance Nova.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Deep Resonance.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Deep Swoosh L-R.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Explosion Underwater nova.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Fire Roar.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Leopard Growl2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Low Polsating Rumble-50.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Low Pulsating Rumble.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Low Pulsating Rumble2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Motar Expl w_Rev.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Muffled Explosion nova.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Muffled Explosion.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Small Motar Expl.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\V8 Engine Idle.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Bike Sliding in Sand.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Glass Pack Pipe2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Heavy Bag Drop2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Hollow Wind .wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Horse Trotting.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Horse Walking.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Light Rainfall.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Lion Roar Multi.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Riding Mower Idle2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Time Machine Brk MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Time Machine Car MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Water Pour.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Whispy Air.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Bat Crack .wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Crowd Applause.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Crowd Cheering_Appl.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Soccerball Kick.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Stage Lights On.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Tackle.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Electronic Motor2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Flamethrower.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Laser Gun MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Missile Launch.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Missle Impact Single.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Nova Explosion MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Photon Torpedo Single.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Piercing Explosion nova.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Pulse Gun Single.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Rocket Takeoff MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Single Impact Expln.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Small Mortar Expl Double.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Turbine Rotation.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Warp Drive Engaging MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\small mortar rvb.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Camera Shutter.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Car Ignition2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Muscle Car Drive-by.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Muscle Car Shifting.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Plane Takeoff.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Screeching Brakes.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Baby Cough2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Bear Growl2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Cough harsh2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Crackling Hearth.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Fml Sneeze n Cough.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Santa's Sleigh Landing MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Sleigh Bells.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Snowball Hit.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Tearing Open Present.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Throat clearing2.wav 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- Disk sectors - GMER 1.0.14 ----
Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x25429800 size 0x2c3
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- EOF - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Low Pulsating Rumble2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Motar Expl w_Rev.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Muffled Explosion nova.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Muffled Explosion.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\Small Motar Expl.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Temné burácení\V8 Engine Idle.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Bike Sliding in Sand.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Glass Pack Pipe2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Heavy Bag Drop2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Hollow Wind .wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Horse Trotting.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Horse Walking.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Light Rainfall.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Lion Roar Multi.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Riding Mower Idle2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Time Machine Brk MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Time Machine Car MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Water Pour.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Různé\Whispy Air.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Bat Crack .wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Crowd Applause.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Crowd Cheering_Appl.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Soccerball Kick.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Stage Lights On.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Hrající si děti\Tackle.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Electronic Motor2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Flamethrower.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Laser Gun MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Missile Launch.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Missle Impact Single.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Nova Explosion MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Photon Torpedo Single.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Piercing Explosion nova.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Pulse Gun Single.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Rocket Takeoff MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Single Impact Expln.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Small Mortar Expl Double.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Turbine Rotation.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\Warp Drive Engaging MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Vesmírná loď\small mortar rvb.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Camera Shutter.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Car Ignition2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Muscle Car Drive-by.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Muscle Car Shifting.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Plane Takeoff.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Cestování\Screeching Brakes.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Baby Cough2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Bear Growl2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Cough harsh2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Crackling Hearth.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Fml Sneeze n Cough.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Santa's Sleigh Landing MS.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Sleigh Bells.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Snowball Hit.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Tearing Open Present.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\Studio 11\Sound Effects\UFX \x2013 Zimní radovánky\Throat clearing2.wav 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x25429800 size 0x2c3
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.14 ----