GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-27 22:57:09 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909 Running: gmer.exe; Driver: C:\Users\Maslo\AppData\Local\Temp\ugloypod.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) Device \FileSystem\cdfs \Cdfs 8A97C05C ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866b431a Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866b431a@001641ba2bba 0x69 0xFD 0x44 0x88 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866b431a@0022fc5793e6 0xD1 0x11 0xAF 0xBC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866b431a@001e3b6cd0bd 0xBE 0x54 0xB4 0x20 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866b431a@d875334ce7c7 0xC9 0x20 0xAF 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866b431a@002243d622c3 0x25 0xCA 0xD7 0x41 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866b431a@d87533c80ad8 0x5C 0x18 0x6C 0xC9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866b431a@f8db7fae9cce 0xD1 0x4D 0xE7 0xE8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x04 0x35 0xAA 0xC0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA3 0x80 0x99 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCF 0x70 0x30 0xAE ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021866b431a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021866b431a@001641ba2bba 0x69 0xFD 0x44 0x88 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021866b431a@0022fc5793e6 0xD1 0x11 0xAF 0xBC ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021866b431a@001e3b6cd0bd 0xBE 0x54 0xB4 0x20 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021866b431a@d875334ce7c7 0xC9 0x20 0xAF 0x34 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021866b431a@002243d622c3 0x25 0xCA 0xD7 0x41 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021866b431a@d87533c80ad8 0x5C 0x18 0x6C 0xC9 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021866b431a@f8db7fae9cce 0xD1 0x4D 0xE7 0xE8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x04 0x35 0xAA 0xC0 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA3 0x80 0x99 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCF 0x70 0x30 0xAE ... ---- EOF - GMER 1.0.15 ----