GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-10 11:46:05
Windows 5.1.2600 Dodatek Service Pack 2
Running: gmer.exe

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\Drivers\e16c96353bcd6cb5.sys (*** hidden *** ) [BOOT] e16c96353bcd6cb5 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\e16c96353bcd6cb5@ImagePath \SystemRoot\System32\Drivers\e16c96353bcd6cb5.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\e16c96353bcd6cb5@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\e16c96353bcd6cb5@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\e16c96353bcd6cb5@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\e16c96353bcd6cb5@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\e16c96353bcd6cb5@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\e16c96353bcd6cb5@DisplayName kcxkwtekw9.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0x38 0x75 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBF 0x5D 0x09 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2F 0xEE 0x80 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAB 0x1B 0x4C 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\e16c96353bcd6cb5@ImagePath \SystemRoot\System32\Drivers\e16c96353bcd6cb5.sys
Reg HKLM\SYSTEM\ControlSet002\Services\e16c96353bcd6cb5@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\e16c96353bcd6cb5@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\e16c96353bcd6cb5@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\e16c96353bcd6cb5@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\e16c96353bcd6cb5@Tag 1
Reg HKLM\SYSTEM\ControlSet002\Services\e16c96353bcd6cb5@DisplayName kcxkwtekw9.exe
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0x38 0x75 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBF 0x5D 0x09 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2F 0xEE 0x80 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAB 0x1B 0x4C 0x86 ...

---- EOF - GMER 1.0.15 ----