Trojaner-Board (https://www.trojaner-board.de/)

Thread: Fighting music in the desktop background (https://www.trojaner-board.de/89153-kampf-musik-desktop-hintergrund.html)

Svensen89 07.08.2010 19:01

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-07 20:00:27
Windows 6.1.7600
Running: mzoerpbu.exe; Driver: C:\Users\user\AppData\Local\Temp\kwddypog.sys


---- System - GMER 1.0.15 ----

SSDT 80775F3C ZwCreateThread
SSDT 80775F28 ZwOpenProcess
SSDT 80775F2D ZwOpenThread
SSDT 80775F37 ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830152D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83014898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8307E8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8309E3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14C3 830A5790 4 Bytes [3C, 5F, 77, 80] {CMP AL, 0x5f; JA 0xffffffffffffff84}
.text ntoskrnl.exe!KeRemoveQueueEx + 165F 830A592C 4 Bytes [28, 5F, 77, 80]
.text ntoskrnl.exe!KeRemoveQueueEx + 167F 830A594C 4 Bytes [2D, 5F, 77, 80]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 830A5BFC 4 Bytes [37, 5F, 77, 80] {AAA ; POP EDI; JA 0xffffffffffffff84}
.text C:\Windows\system32\drivers\ACEDRV05.sys section is writeable [0x8CEED000, 0x30A4A, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0x8CF2F000]
.relo2 C:\Windows\system32\drivers\ACEDRV05.sys unknown last section [0x8CF4A000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\SSHDRV76.sys section is writeable [0x8CF4C000, 0x16204, 0xE8000020]
.pklstb C:\Windows\system32\drivers\SSHDRV76.sys entry point in ".pklstb" section [0x8CF6A000]
.relo2 C:\Windows\system32\drivers\SSHDRV76.sys unknown last section [0x8CF7A000, 0x86, 0x42000040]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA0567300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA05AA300, 0x1BEE, 0xE8000020]
.text peauth.sys A05B4C9D 28 Bytes [D5, D8, 75, F4, A8, 45, 64, ...]
.text peauth.sys A05B4CC1 28 Bytes [D5, D8, 75, F4, A8, 45, 64, ...]
PAGE peauth.sys A05BAE20 101 Bytes [0B, 68, 06, 2F, FE, CE, B5, ...]
PAGE peauth.sys A05BB02C 102 Bytes [56, BA, 3F, 27, D8, EA, 28, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtCreateFile + 6 77814A36 4 Bytes [28, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtCreateFile + B 77814A3B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenFile + 6 77815146 4 Bytes [68, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenFile + B 7781514B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcess + 6 778151F6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcess + B 778151FB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcessToken + 6 77815206 4 Bytes CALL 7681580C C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcessToken + B 7781520B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcessTokenEx + 6 77815216 4 Bytes [A8, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcessTokenEx + B 7781521B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThread + 6 77815276 4 Bytes [68, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThread + B 7781527B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThreadToken + 6 77815286 4 Bytes [68, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThreadToken + B 7781528B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThreadTokenEx + 6 77815296 4 Bytes CALL 7681589D C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThreadTokenEx + B 7781529B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtQueryAttributesFile + 6 778153A6 4 Bytes [A8, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtQueryAttributesFile + B 778153AB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtQueryFullAttributesFile + 6 77815456 4 Bytes CALL 76815A5B C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtQueryFullAttributesFile + B 7781545B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtSetInformationFile + 6 77815AA6 4 Bytes [28, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtSetInformationFile + B 77815AAB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtSetInformationThread + 6 77815B06 4 Bytes [28, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtSetInformationThread + B 77815B0B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + 6 77814A36 4 Bytes [28, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + B 77814A3B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + 6 77815146 4 Bytes [68, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + B 7781514B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + 6 778151F6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + B 778151FB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + 6 77815206 4 Bytes CALL 7681580C C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + B 7781520B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + 6 77815216 4 Bytes [A8, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + B 7781521B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + 6 77815276 4 Bytes [68, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + B 7781527B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + 6 77815286 4 Bytes [68, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + B 7781528B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + 6 77815296 4 Bytes CALL 7681589D C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + B 7781529B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + 6 778153A6 4 Bytes [A8, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + B 778153AB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + 6 77815456 4 Bytes CALL 76815A5B C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + B 7781545B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + 6 77815AA6 4 Bytes [28, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + B 77815AAB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + 6 77815B06 4 Bytes [28, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + B 77815B0B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtCreateFile + 6 77814A36 4 Bytes [28, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtCreateFile + B 77814A3B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenFile + 6 77815146 4 Bytes [68, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenFile + B 7781514B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcess + 6 778151F6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcess + B 778151FB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessToken + 6 77815206 4 Bytes CALL 7681580C C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessToken + B 7781520B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessTokenEx + 6 77815216 4 Bytes [A8, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessTokenEx + B 7781521B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThread + 6 77815276 4 Bytes [68, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThread + B 7781527B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadToken + 6 77815286 4 Bytes [68, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadToken + B 7781528B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadTokenEx + 6 77815296 4 Bytes CALL 7681589D C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadTokenEx + B 7781529B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryAttributesFile + 6 778153A6 4 Bytes [A8, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryAttributesFile + B 778153AB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryFullAttributesFile + 6 77815456 4 Bytes CALL 76815A5B C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryFullAttributesFile + B 7781545B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationFile + 6 77815AA6 4 Bytes [28, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationFile + B 77815AAB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationThread + 6 77815B06 4 Bytes [28, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationThread + B 77815B0B 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@COD Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Scans Before Out of Range 8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SCO Max Channels 2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SymbolicLinkName \??\USB#VID_0A12&PID_0001#5&34e08004&0&2#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SymbolicName \??\USB#VID_0A12&PID_0001#5&34e08004&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Write Scan Enable 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x4D 0x75 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x9C 0xEF 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x1B 0xCD 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x42 0xBF 0x14 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@COD Type 1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Scans Before Out of Range 8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SCO Max Channels 2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SymbolicLinkName \??\USB#VID_0A12&PID_0001#5&34e08004&0&2#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SymbolicName \??\USB#VID_0A12&PID_0001#5&34e08004&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Write Scan Enable 2
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x4D 0x75 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x9C 0xEF 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x1B 0xCD 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x42 0xBF 0x14 0xD6 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{D886BAC7-5194-11DD-9464-806E6F6E6963} 7141876640
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{5885E366-A224-11DF-9B8B-806E6F6E6963} 48380280

---- EOF - GMER 1.0.15 ----

cosinus 08.08.2010 11:08

Looks okay as well. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!
