win32/cryptor



#1 biba82

Posted 30 August 2009 - 06:54 AM

I don't know exactly where it came from, but since yesterday my laptop's been doing all sorts of funny things. So I ran AVG 8.5 Free and it found the following:

"C:\Programme\AV Care\PP.exe";"Trojan horse Downloader.Zlob.ANZY";"Moved to Virus Vault"
"C:\WINDOWS\system32\net.net";"Trojan horse Clicker.AAWS";"Moved to Virus Vault"

Problems continued, so I scanned again this morning just to find this:

"\\?\globalroot\systemroot\system32\UACvkoolsinua.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"C:\WINDOWS\explorer.exe (1480)";"Virus found Win32/Cryptor";""
"C:\WINDOWS\msa.exe";"Trojan horse Generic14.AETA";"Moved to Virus Vault"
"C:\WINDOWS\msb.exe";"Trojan horse Generic14.AETA";"Moved to Virus Vault"

I removed the infection, apart from "C:\WINDOWS\explorer.exe (1480)";"Virus found Win32/Cryptor";"", and rebooted. I scanned again, and "C:\WINDOWS\explorer.exe (1480)";"Virus found Win32/Cryptor";"" showed up next to
"\\?\globalroot\systemroot\system32\UACvkoolsinua.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault".

What can I do to remove this pest?

Please, anyone, help!


#2 biba82 (Topic Starter)

Posted 30 August 2009 - 10:42 AM

It gets better and better: I just found an MBR rootkit on my external hard drive!

Here is my RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/30 17:18
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: aspi32.sys
Image Path: C:\WINDOWS\System32\drivers\aspi32.sys
Address: 0xBAB80000 Size: 16512 File Visible: - Signed: No
Status: -

Name: aujasnkj.sys
Image Path: C:\DOKUME~1\BENJAM~1\LOKALE~1\Temp\aujasnkj.sys
Address: 0xA3E50000 Size: 84352 File Visible: No Signed: No
Status: -

Name: btkrnl.sys
Image Path: C:\WINDOWS\system32\DRIVERS\btkrnl.sys
Address: 0xB9344000 Size: 1322784 File Visible: - Signed: No
Status: -

Name: btserial.sys
Image Path: C:\WINDOWS\system32\drivers\btserial.sys
Address: 0xBABB8000 Size: 22432 File Visible: - Signed: No
Status: -

Name: btslbcsp.sys
Image Path: C:\WINDOWS\system32\drivers\btslbcsp.sys
Address: 0xA5992000 Size: 203072 File Visible: - Signed: No
Status: -

Name: btwusb.sys
Image Path: C:\WINDOWS\System32\Drivers\btwusb.sys
Address: 0xBA9C8000 Size: 53024 File Visible: - Signed: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB68BE000 Size: 98304 File Visible: No Signed: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE6A000 Size: 8192 File Visible: No Signed: No
Status: -

Name: hwinterface.sys
Image Path: C:\WINDOWS\System32\Drivers\hwinterface.sys
Address: 0xBAF3C000 Size: 2624 File Visible: - Signed: No
Status: -

Name: InCDfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\InCDfs.SYS
Address: 0xB6EFA000 Size: 98176 File Visible: - Signed: No
Status: -

Name: InCDPass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\InCDPass.sys
Address: 0xBAC30000 Size: 28928 File Visible: - Signed: No
Status: -

Name: InCDrec.SYS
Image Path: C:\WINDOWS\System32\Drivers\InCDrec.SYS
Address: 0xBAE02000 Size: 7808 File Visible: - Signed: No
Status: -

Name: incdrm.SYS
Image Path: C:\WINDOWS\System32\Drivers\incdrm.SYS
Address: 0xBAC38000 Size: 27648 File Visible: - Signed: No
Status: -

Name: mbr.sys
Image Path: C:\DOKUME~1\BENJAM~1\LOKALE~1\Temp\mbr.sys
Address: 0xA3F09000 Size: 11776 File Visible: No Signed: No
Status: -

Name: PCI_PNP9274
Image Path: \Driver\PCI_PNP9274
Address: 0x00000000 Size: 0 File Visible: No Signed: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA52BF000 Size: 49152 File Visible: No Signed: No
Status: -

Name: sp_rsdrv2.sys
Image Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
Address: 0xB6DD2000 Size: 141312 File Visible: - Signed: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: No
Status: -

Name: spwf.sys
Image Path: spwf.sys
Address: 0xBA6A6000 Size: 1052672 File Visible: No Signed: No
Status: -

Name: Teefer.sys
Image Path: Teefer.sys
Address: 0xBA4D9000 Size: 118784 File Visible: - Signed: No
Status: -

Name: wpsdrvnt.sys
Image Path: C:\WINDOWS\system32\drivers\wpsdrvnt.sys
Address: 0xBA938000 Size: 36864 File Visible: - Signed: No
Status: -

Hidden/Locked Files
-------------------
Path: E:\I
Status: Visible to the Windows API, but not on disk.

Path: E:\W
Status: Visible to the Windows API, but not on disk.

Path: E:\d
Status: Visible to the Windows API, but not on disk.

Path: E:\d
Status: Visible to the Windows API, but not on disk.

Path: E:\_
Status: Visible to the Windows API, but not on disk.

Path: E:\H
Status: Visible to the Windows API, but not on disk.

Path: E:\W
Status: Visible to the Windows API, but not on disk.

Path: E:\c
Status: Visible to the Windows API, but not on disk.

Path: E:\C
Status: Visible to the Windows API, but not on disk.

Path: E:\E
Status: Visible to the Windows API, but not on disk.

Path: E:\\
Status: Visible to the Windows API, but not on disk.

Path: E:\C
Status: Visible to the Windows API, but not on disk.

Path: E:\E
Status: Visible to the Windows API, but not on disk.

Path: E:\\
Status: Visible to the Windows API, but not on disk.

Path: E:\E
Status: Visible to the Windows API, but not on disk.

Path: E:\1
Status: Visible to the Windows API, but not on disk.

Path: E:\e
Status: Visible to the Windows API, but not on disk.

Path: E:\V
Status: Visible to the Windows API, but not on disk.

Path: E:\u
Status: Visible to the Windows API, but not on disk.

Path: E:\T
Status: Visible to the Windows API, but not on disk.

Path: E:\\
Status: Visible to the Windows API, but not on disk.

Path: E:\V
Status: Visible to the Windows API, but not on disk.

Path: E:\F
Status: Visible to the Windows API, but not on disk.

Path: E:\T
Status: Visible to the Windows API, but not on disk.

Path: E:\I
Status: Visible to the Windows API, but not on disk.

Path: E:\W
Status: Visible to the Windows API, but not on disk.

Path: E:\d
Status: Visible to the Windows API, but not on disk.

Path: E:\d
Status: Visible to the Windows API, but not on disk.

Path: E:\T
Status: Visible to the Windows API, but not on disk.

Path: E:\a
Status: Visible to the Windows API, but not on disk.

Path: E:\i
Status: Visible to the Windows API, but not on disk.

Path: E:\B
Status: Visible to the Windows API, but not on disk.

Path: E:\\
Status: Visible to the Windows API, but not on disk.

Path: E:\\
Status: Visible to the Windows API, but not on disk.

Path: E:\R
Status: Visible to the Windows API, but not on disk.

Path: E:\\
Status: Visible to the Windows API, but not on disk.

Path: E:\\
Status: Visible to the Windows API, but not on disk.

Path: E:\r
Status: Visible to the Windows API, but not on disk.

Path: E:\C
Status: Visible to the Windows API, but not on disk.

Path: E:\E
Status: Visible to the Windows API, but not on disk.

Path: E:\\
Status: Visible to the Windows API, but not on disk.

Path: E:\C
Status: Visible to the Windows API, but not on disk.

Path: E:\E
Status: Visible to the Windows API, but not on disk.

Path: E:\\
Status: Visible to the Windows API, but not on disk.

Path: E:\V
Status: Visible to the Windows API, but not on disk.

Path: E:\u
Status: Visible to the Windows API, but not on disk.

Path: E:\t
Status: Visible to the Windows API, but not on disk.

Path: E:\V
Status: Visible to the Windows API, but not on disk.

Path: E:\u
Status: Visible to the Windows API, but not on disk.

Path: E:\t
Status: Visible to the Windows API, but not on disk.

Path: E:\d
Status: Visible to the Windows API, but not on disk.

Path: E:\o
Status: Visible to the Windows API, but not on disk.

Path: E:\O
Status: Visible to the Windows API, but not on disk.

Stealth Objects
-------------------
Object: Hidden Module [Name: UACdvpryucbxc.dll]
Process: svchost.exe (PID: 848) Address: 0x00aa0000 Size: 77824

Object: Hidden Module [Name: UAC4bee.tmpeohifk.dll]
Process: svchost.exe (PID: 848) Address: 0x009b0000 Size: 217088

Object: Hidden Module [Name: UACylveavtsla.dll]
Process: svchost.exe (PID: 848) Address: 0x00cb0000 Size: 73728

Object: Hidden Module [Name: kbiwkmnmsfyxew.dll]
Process: svchost.exe (PID: 848) Address: 0x10000000 Size: 57344

Object: Hidden Module [Name: UACdvpryucbxc.dll]
Process: Explorer.EXE (PID: 1480) Address: 0x00bb0000 Size: 77824

Object: Hidden Module [Name: kbiwkmevxfaqpu.dll]
Process: Explorer.EXE (PID: 1480) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: kbiwkmevxfaqpu.dll]
Process: firefox.exe (PID: 2276) Address: 0x10000000 Size: 28672

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a8521f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x88496500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a4a3500 Size: 121

Object: Hidden Code [Driver: aik2urc7ȅచ灐†È, IRP_MJ_CREATE]
Process: System Address: 0x8a43c2f8 Size: 121

Object: Hidden Code [Driver: aik2urc7ȅచ灐†È, IRP_MJ_CLOSE]
Process: System Address: 0x8a43c2f8 Size: 121

Object: Hidden Code [Driver: aik2urc7ȅచ灐†È, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a43c2f8 Size: 121

Object: Hidden Code [Driver: aik2urc7ȅచ灐†È, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a43c2f8 Size: 121

Object: Hidden Code [Driver: aik2urc7ȅచ灐†È, IRP_MJ_POWER]
Process: System Address: 0x8a43c2f8 Size: 121

Object: Hidden Code [Driver: aik2urc7ȅచ灐†È, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a43c2f8 Size: 121

Object: Hidden Code [Driver: aik2urc7ȅచ灐†È, IRP_MJ_PNP]
Process: System Address: 0x8a43c2f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a482500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a482500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a482500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a482500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a482500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a482500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a482500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8a4c11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8a4c11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a4c11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a4c11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8a4c11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a4c11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8a4c11f8 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System Address: 0x8a19b500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System Address: 0x8a19b500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System Address: 0x8a19b500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System Address: 0x8a19b500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a19b500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a19b500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System Address: 0x8a19b500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a19b500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System Address: 0x8a19b500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a7e31f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a27d500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a27d500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a27d500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a27d500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a27d500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a27d500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8a4411f8 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_CREATE]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_CLOSE]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_READ]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_CLEANUP]
Process: System Address: 0x8a1a7500 Size: 121

Object: Hidden Code [Driver: Vide, IRP_MJ_PNP]
Process: System Address: 0x8a1a7500 Size: 121

==EOF==


And here is the GMER one:

GMER 1.0.15.15077 [2yupu3i9.exe] - http://www.gmer.net
Rootkit scan 2009-08-30 17:41:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

INT 0x62 ? 8A853BF8
INT 0x63 ? 8A4CEBF8
INT 0x82 ? 8A853BF8
INT 0xA4 ? 8A4CEBF8
INT 0xB4 ? 8A4CEBF8

Code 8A241BA6 ZwEnumerateKey
Code 8A24C8B6 ZwFlushInstructionCache
Code 8A231CBE ZwSaveKey
Code 8A23141E ZwSaveKeyEx
Code 8A23F6F5 IofCallDriver
Code 8A23F31D IofCompleteRequest
Code 8A24D36D ZwSaveKey
Code 8A2586C5 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8A23F6FA
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 8A23F322
.text ntkrnlpa.exe!ZwSaveKey 804FEDD4 5 Bytes JMP 8A24D372
.text ntkrnlpa.exe!ZwSaveKeyEx 804FEDE8 5 Bytes JMP 8A2586CA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 8A24C8BA
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 8A241BAA
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDE4 5 Bytes JMP 8A231CC2
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061BECA 2 Bytes JMP 8A231422
PAGE ntkrnlpa.exe!ZwSaveKeyEx + 3 8061BECD 2 Bytes [C1, 09]
? spwf.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B99A98AC 5 Bytes JMP 8A4CE1D8
.text tcpip.sys!IPTransmit + 10FC B6E5BD3A 6 Bytes CALL BA4E1CE0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 B6E5D690 6 Bytes CALL BA4E1CE0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 B6E73454 6 Bytes CALL BA4E1CE0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys BA96D3FD 4 Bytes CALL BA4E1E30 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys BA96D402 2 Bytes [90, 90] {NOP ; NOP }
? C:\DOKUME~1\BENJAM~1\LOKALE~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1480] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00BA000A
.text C:\Programme\Mozilla Firefox\firefox.exe[2276] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00D529A0 \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[2276] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00D527E0 \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[2276] WS2_32.dll!send 71A14C27 5 Bytes JMP 00D527C0 \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] spwf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A813E] spwf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A80C0] spwf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A8800] spwf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] spwf.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B7E9C] spwf.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BA4E2AD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BA4E2A30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BA4E2970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BA4E2760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BA4E2760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BA4E2A30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BA4E2AD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BA4E2970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BA4E2970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BA4E2760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BA4E2A30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BA4E2AD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BA4E2760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BA4E2970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BA4E2AD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BA4E2A30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA4E2AD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA4E2A30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA4E2760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BA4E2970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BA4E2760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BA4E2A30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BA4E2AD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [BA4E2AD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [BA4E2A30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [BA4E2970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [BA4E2760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [BA4E2A30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [BA4E2760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [BA4E2AD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [BA4E2970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA4E2760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA4E2970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BA4E2AD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BA4E2A30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [BA4E2760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [BA4E2A30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [BA4E2970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [BA4E2AD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A8521F8
Device \FileSystem\Fastfat \FatCdrom 88496500

AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8A4C11F8
Device \Driver\usbuhci \Device\USBPDO-1 8A4C11F8
Device \Driver\sptd \Device\1391703024 spwf.sys
Device \Driver\usbuhci \Device\USBPDO-2 8A4C11F8
Device \Driver\usbehci \Device\USBPDO-3 8A482500

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\AvgTdiX \Device\AvgTdi wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7E31F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7E31F8
Device \Driver\Cdrom \Device\CdRom0 8A4A3500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7E31F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A7E31F8
Device \Driver\usbstor \Device\000000a6 8A19B500
Device \Driver\usbstor \Device\000000a7 8A19B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{9DE1B0FC-C721-4FF2-94EF-DCE53E4C7E4F} 8A27D500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A27D500
Device \Driver\NetBT \Device\NetbiosSmb 8A27D500
Device \Driver\NetBT \Device\NetBT_Tcpip_{AE6BA02D-236F-4A87-8060-0E339BB2A391} 8A27D500
Device \Driver\PCI_PNP9274 \Device\0000005c spwf.sys

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8A4C11F8
Device \Driver\usbuhci \Device\USBFDO-1 8A4C11F8
Device \Driver\usbuhci \Device\USBFDO-2 8A4C11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4411F8
Device \Driver\usbehci \Device\USBFDO-3 8A482500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4411F8
Device \Driver\Ftdisk \Device\FtControl 8A7E31F8
Device \Driver\aik2urc7 \Device\Scsi\aik2urc71Port2Path0Target0Lun0 8A43C2F8
Device \Driver\aik2urc7 \Device\Scsi\aik2urc71 8A43C2F8
Device \FileSystem\Fastfat \Fat 88496500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A1A7500

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [584] 0x10000000
Library \\?\globalroot\systemroot\system32\UACdvpryucbxc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [584] 0x009F0000
Library \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [848] 0x03160000
Library \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [936] 0x10000000
Library \\?\globalroot\systemroot\system32\UACdvpryucbxc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [936] 0x009F0000
Library \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1048] 0x10000000
Library \\?\globalroot\systemroot\system32\UACdvpryucbxc.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1048] 0x009F0000
Library \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1224] 0x10000000
Library \\?\globalroot\systemroot\system32\UACdvpryucbxc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1224] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1412] 0x10000000
Library \\?\globalroot\systemroot\system32\UACdvpryucbxc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1412] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACvkoolsinua.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1480] 0x00D70000
Library \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1528] 0x10000000
Library \\?\globalroot\systemroot\system32\UACdvpryucbxc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1528] 0x009F0000
Library \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1628] 0x10000000
Library \\?\globalroot\systemroot\system32\UACdvpryucbxc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1628] 0x009F0000
Library \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll (*** hidden *** ) @ C:\Programme\Mozilla Firefox\firefox.exe [2276] 0x00D40000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmjskyevnm.sys (*** hidden *** ) [SYSTEM] kbiwkmjgebxnpx <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACdmesrvstjw.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c6750b23
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx@imagepath \systemroot\system32\drivers\kbiwkmjskyevnm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\main\connections
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmjskyevnm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmnmsfyxew.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmydexlgux.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmevxfaqpu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjgebxnpx\modules@kbiwkm.dat \systemroot\system32\kbiwkmcjdqloet.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0x8A 0x12 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0x45 0x9A 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x40 0x52 0xCE 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x21 0xC5 0xB1 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x61 0x9D 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD5 0xB1 0xCE 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE4 0x04 0x4B 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x24 0xED 0x2E 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDA 0x10 0x4F 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACdmesrvstjw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACdmesrvstjw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACylveavtsla.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACgehelwodxa.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACcwowblnwyw.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACdvpryucbxc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvkoolsinua.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0xE2 0xBA 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0x91 0x78 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3B 0x74 0x9F 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0x6D 0x68 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDA 0x10 0x4F 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0x8A 0x12 0x8C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0x45 0x9A 0x82 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x40 0x52 0xCE 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x21 0xC5 0xB1 0xBC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x61 0x9D 0xA5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD5 0xB1 0xCE 0x22 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE4 0x04 0x4B 0x3F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x24 0xED 0x2E 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDA 0x10 0x4F 0x71 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0010c6750b23 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx@imagepath \systemroot\system32\drivers\kbiwkmjskyevnm.sys
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\main@aid 10002
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\main@sid 1
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\main\connections (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmjskyevnm.sys
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmnmsfyxew.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmydexlgux.dat
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmevxfaqpu.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmjgebxnpx\modules@kbiwkm.dat \systemroot\system32\kbiwkmcjdqloet.dat
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0x8A 0x12 0x8C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0x45 0x9A 0x82 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x40 0x52 0xCE 0x50 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x21 0xC5 0xB1 0xBC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x61 0x9D 0xA5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD5 0xB1 0xCE 0x22 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE4 0x04 0x4B 0x3F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x24 0xED 0x2E 0x6B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDA 0x10 0x4F 0x71 ...
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACdmesrvstjw.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACdmesrvstjw.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACylveavtsla.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcxlpeohifk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACgehelwodxa.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACcwowblnwyw.db
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACdvpryucbxc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvkoolsinua.dll

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 7.4.3.1\B. Fleischmann - 0200.mp3 5670907 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 7.4.3.1\B. Fleischmann - Pass By.mp3 5807272 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 7.4.3.1\B. Fleischmann - The Blessed.mp3 4370302 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 7.4.3.1\B. Fleischmann - Until The Real Thing Comes Along.mp3 2773669 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 7.4.3.1\CoverArt.jpg 4275 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\iTunes\SC Info\Black Moth Super Rainbow - Hazy Field People.mp3 2765519 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\iTunes\SC Info\Black Moth Super Rainbow - Trees And Colors And Wizards.mp3 2387299 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\iTunes\SC Info\Black Moth Super Rainbow - Vietcaterpillar.mp3 2049128 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\iTunes\SC Info\cover.jpg 6212 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\iTunes\SC Info\CoverArt.jpg 6212 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\iTunes\SC Info\Vietcaterpillar.mp3 2164281 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\CoverArt.jpg 7587 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - Bring the Happiness.mp3 2700821 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - Building a Strange Child.mp3 3136350 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - Bye Rhodsy.mp3 3249175 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - Dark Lord of Rhodes.mp3 3057341 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - Geye.mp3 3514961 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - I Think I'm Getting Married.mp3 5219065 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - Naoise.mp3 3388325 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - Pure Trash.mp3 4904275 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - Rock It to the Next Episode.mp3 3685139 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - Simple Exercises.mp3 3248757 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - The Last Plan.mp3 5640310 bytes
File C:\Dokumente und Einstellungen\All Users\Startmenü\Dosh - This Is When Things Were Looking Up.mp3 3128442 bytes

---- EOF - GMER 1.0.15 ----
