win32/Mebroot.K Trojan

[Brucoun]

tak vse dle popisu provedeno .. a mame asi prvni drobny uspech )) neco malo zmizelo... )) co dál ??

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x01D1C06C0 !

[earl]

Ok,blahopreji.

Pouzijte T-Cleaner na vycisteni pc po docasnych souborech pri odvirovani.Postupujte dle instrukci na obrazovce.Pri detekci antivirem se jedna o falesny poplach.

A zmente si veskera hesla na ICQ,Skype,email,internet banking apod.,jelikoz Mebroot tyto informace shromazdoval a odesilal na cizi servery v zahranici.

[Brucoun]

super diky

jen se chci jeste zeptat ten posledni radek ..

PE file founnd in sector ....

ten tam ma byt ??

Ptám se proto ze na druhym PC se mi tam neobjevuje .. ))

PS: jinak T-Cleaner spusten a neco tam vymazal ..

[earl]

Stahnete si na plochu RootRepeal
Rozbalte zip soubor - spustte RootRepeal.exe - Report - Scan - zafajknete Select ALL - kliknete na OK - po skenu kliknete na Save Report a log vlozte sem.

[Brucoun]

a ja myslel ze je vse v poradku ... jdu na to jujky .. kouslo se to. dal jsem ousko report .. vse zaskrtl.. pak se me to chtelo zaskrtnout C a pak vytuhnul celej PC

[Brucoun]

tak jsem to restartnul .. a pustil znovu .. a stejnej prubeh myska uplně vytuhla ale HDD sviti tak pockam .. treba to neco dela

[earl]

Nechal bych to,nekdy to trva dele,nez je obvykle.

[Brucoun]

nechal jsem to 40 min a porad nic reset

[earl]

Vcera jsem nebyl u pc-pardon.

presunte mbr.exe do adresare C:\Windows

dalsi postup jest nasledujici:

Start/Spustit a do chlivecku napiste cmd a stisk Enter.

vybafne na vas okenko prikazoveho radku; vy nadatlujte rucne prikaz:

mbr.exe -t

a stisknete Enter

Po provedeni operace restartujte a spustte mbr jeste jednou, jiz normalne a vlozte sem log.

Stahnete GMER (gmer.zip), rozbalte a spustte
probehne sken, po jehoz ukonceni na vas vyskoci vysledky,
pote kliknete na Save a ulozite tak oba logy, jejichz obsah sem vlozte
V pripade potizi je k dispozici navod v mem podpisu-GMER.

[Brucoun]

Tak: asi to fakt neni jeste v poradku .. po tom co jsem restartoval tak mi Symantec hodil napadeni Trojanem

Prosím koukni na to a porad co dal

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x01D1C06C0 !


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-10 23:50:52
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT E18CF418 ZwConnectPort
SSDT spns.sys ZwCreateKey [0xB9EA80E0]
SSDT spns.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spns.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spns.sys ZwOpenKey [0xB9EA80C0]
SSDT spns.sys ZwQueryKey [0xB9EC7108]
SSDT spns.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spns.sys ZwSetValueKey [0xB9EC719A]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0x9DBE96D0]

INT 0x62 ? 89D63BF8
INT 0x63 ? 89B7FF00
INT 0x73 ? 89DCFBF8
INT 0x82 ? 89D63BF8
INT 0x83 ? 89DCFBF8
INT 0xB4 ? 89B7FF00

---- Kernel code sections - GMER 1.0.15 ----

? spns.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B89AA8AC 5 Bytes JMP 89B7F4E0
.text adhh6hec.SYS B8062384 1 Byte [20]
.text adhh6hec.SYS B8062384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text adhh6hec.SYS B80623AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text adhh6hec.SYS B80623C4 3 Bytes [00, 00, 00]
.text adhh6hec.SYS B80623C9 1 Byte [00]
.text ...
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Systém nemůže nalézt uvedený soubor. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!??2@YAPAXI@Z 77C19CC5 5 Bytes JMP 0A93B250 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!??3@YAXPAX@Z 77C19CDD 5 Bytes JMP 0A93B2A0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C19D9F 5 Bytes JMP 0A93B2C0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!_expand 77C19FE5 5 Bytes JMP 0A93B230 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!_heapadd 77C1BC9F 5 Bytes JMP 0A93B310 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!_heapchk 77C1BCB3 5 Bytes JMP 0A93B320 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!_heapset + 1 77C1BD83 4 Bytes JMP 0A93B351 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!_heapmin 77C1BD8C 5 Bytes JMP 0A93B420 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!_heapused 77C1BE3A 5 Bytes JMP 0A93B3F0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!_heapwalk 77C1BE4D 5 Bytes JMP 0A93B360 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!_msize 77C1BF6C 5 Bytes JMP 0A93B180 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!calloc 77C1C0C3 5 Bytes JMP 0A93B110 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!free 77C1C21B 5 Bytes JMP 0A93B170 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!malloc 77C1C407 5 Bytes JMP 0A93B0D0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] msvcrt.dll!realloc 77C1C437 5 Bytes JMP 0A93B150 C:\WINDOWS\system32\SH33W32.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spns.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spns.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spns.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spns.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spns.sys
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\adhh6hec.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spns.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalSize] [0A93C2E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalHandle] [0A93C100] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalUnlock] [0A93C300] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalLock] [0A93C2A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalReAlloc] [0A93C140] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalFlags] [0A93C0C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalSize] [0A93C160] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GlobalSize] [0A93C160] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [0A93BA90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] [0A93B9C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] [0A93B960] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapValidate] [0A93BB40] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCompact] [0A93B930] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapWalk] [0A93BB80] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] [0A93B960] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] [0A93B9C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalReAlloc] [0A93C140] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LocalSize] [0A93C2E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalSize] [0A93C160] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0A93A010] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0A93A010] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [0A93A230] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LocalSize] [0A93C2E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] [0A93B9C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] [0A93B960] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!HeapValidate] [0A93BB40] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!HeapCompact] [0A93B930] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibraryAndExitThread] [0A93A230] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0A93A010] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalSize] [0A93C160] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalReAlloc] [0A93C140] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LocalUnlock] [0A93C300] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LocalLock] [0A93C2A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[1288] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89DCE1F8

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{49B7808E-C826-48B0-8DCD-17D32282BB6E} 895B6500
Device \Driver\usbohci \Device\USBPDO-0 89B7E1F8
Device \Driver\usbehci \Device\USBPDO-1 89A491F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{14217C79-DF98-4835-8813-19C59AF3B74E} 895B6500

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\sptd \Device\4169307816 spns.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 89D641F8
Device \Driver\nvata \Device\00000071 89DCF1F8
Device \Driver\Cdrom \Device\CdRom0 89A531F8
Device \Driver\nvata \Device\00000072 89DCF1F8
Device \Driver\Cdrom \Device\CdRom1 89A531F8
Device \Driver\Cdrom \Device\CdRom2 89A531F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 895B6500
Device \Driver\NetBT \Device\NetbiosSmb 895B6500
Device \Driver\PCI_PNP2816 \Device\0000004f spns.sys

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbohci \Device\USBFDO-0 89B7E1F8
Device \Driver\usbehci \Device\USBFDO-1 89A491F8
Device \Driver\nvatabus \Device\NvAta0 89D631F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8959F500
Device \Driver\nvata \Device\NvAta1 89DCF1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8959F500
Device \Driver\nvata \Device\NvAta2 89DCF1F8
Device \Driver\Ftdisk \Device\FtControl 89D641F8
Device \Driver\adhh6hec \Device\Scsi\adhh6hec1Port3Path0Target1Lun0 899F01F8
Device \Driver\adhh6hec \Device\Scsi\adhh6hec1Port3Path0Target0Lun0 899F01F8
Device \Driver\adhh6hec \Device\Scsi\adhh6hec1 899F01F8
Device \FileSystem\Cdfs \Cdfs 89B03500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x72 0xEE 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x20 0x96 0xC8 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCF 0x29 0x34 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x57 0x58 0x7A 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x69 0x94 0x07 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD6 0xA5 0xCE 0xC6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x86 0x0D 0x49 0x2C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x72 0xEE 0x1A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x20 0x96 0xC8 0x12 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCF 0x29 0x34 0xD8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x57 0x58 0x7A 0x9D ...

---- EOF - GMER 1.0.15 ----

[earl]

Proberu to s kolegy.

[Brucoun]

Predem diky ))

[earl]

Stahnete si na plochu RootRepeal
Rozbalte zip soubor - spustte RootRepeal.exe v NOUZOVEM REZIMU - Report - Scan - zafajknete Select ALL - kliknete na OK - po skenu kliknete na Save Report a log vlozte sem.

Pokud to stale nepujde,provedeme nasledujici kroky:

Smazte z plochy vsechny logy z mbr.

Stahnete MBR ulozte ho na plochu.

Jdete na Start-spustit-do okenka zkopirujte "%userprofile%\plocha\mbr" -t a enter.

Novy log z mbr vlozte sem.

[Brucoun]

Tak RootRepeal porad nic.. Spustil jsem ho v nouz. rezimu, dle popisu zaskrtal vse dal scan a kouslo se to na to na ousku Files. Zkusil jsem to po resetu znova a nezaskrtnul jsem files a kouslo se to az na ousku Hidden Services

Tak ted jdu na tu druhou cast.. kterou pustim v normalnim rezimu ...

[Brucoun]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89DCF1F8]<<
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x01D1C06C0 !