GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-06 13:19:48
Windows 5.1.2600 Dodatek Service Pack 3
Running: jprlhmlo.exe

---- Services - GMER 2.1 ----

Service C:\WINDOWS\System32\Drivers\40906105e69db88.sys (*** hidden *** ) [BOOT] 40906105e69db88 <-- ROOTKIT !!!
Service C:\WINDOWS\SYSTEM32\DRIVERS\jtps.sys (*** hidden *** ) [AUTO] jtps <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\40906105e69db88@ImagePath \SystemRoot\System32\Drivers\40906105e69db88.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\40906105e69db88@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\40906105e69db88@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\40906105e69db88@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\40906105e69db88@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\40906105e69db88@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\40906105e69db88@DisplayName neoh.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\40906105e69db88
Reg HKLM\SYSTEM\CurrentControlSet\Services\jtps
Reg HKLM\SYSTEM\CurrentControlSet\Services\jtps@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\jtps@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\jtps@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\jtps@ImagePath \??\C:\WINDOWS\SYSTEM32\DRIVERS\jtps.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\jtps@DisplayName jtps
Reg HKLM\SYSTEM\CurrentControlSet\Services\jtps\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\jtps\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\jtps
Reg HKLM\SYSTEM\ControlSet003\Services\40906105e69db88@ImagePath \SystemRoot\System32\Drivers\40906105e69db88.sys
Reg HKLM\SYSTEM\ControlSet003\Services\40906105e69db88@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\40906105e69db88@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\40906105e69db88@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\40906105e69db88@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\40906105e69db88@Tag 1
Reg HKLM\SYSTEM\ControlSet003\Services\40906105e69db88@DisplayName neoh.exe
Reg HKLM\SYSTEM\ControlSet003\Services\jtps (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\jtps@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\jtps@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\jtps@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\jtps@ImagePath \??\C:\WINDOWS\SYSTEM32\DRIVERS\jtps.sys
Reg HKLM\SYSTEM\ControlSet003\Services\jtps@DisplayName jtps
Reg HKLM\SYSTEM\ControlSet003\Services\jtps\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\jtps\Security@Security 0x01 0x00 0x14 0x80 ...

---- EOF - GMER 2.1 ----