GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-20 23:10:38 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST325082 rev.3.AA Running: f2wnsldn.exe; Driver: C:\DOCUME~1\lukasz\USTAWI~1\Temp\uwxoyfoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\dwprot.sys ZwAllocateVirtualMemory [0xA0723D90] SSDT spfb.sys ZwCreateKey [0xF74D60E0] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwCreateThread [0xA07251E4] SSDT spfb.sys ZwEnumerateKey [0xF74F4CA4] SSDT spfb.sys ZwEnumerateValueKey [0xF74F5032] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwFreeVirtualMemory [0xA072400E] SSDT spfb.sys ZwOpenKey [0xF74D60C0] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwOpenSection [0xA0723BAE] SSDT spfb.sys ZwQueryKey [0xF74F510A] SSDT spfb.sys ZwQueryValueKey [0xF74F4F8A] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwQueueApcThread [0xA07252E6] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSetContextThread [0xA0725332] SSDT spfb.sys ZwSetValueKey [0xF74F519C] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSystemDebugControl [0xA0723AC4] SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB6BD36D0] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwWriteVirtualMemory [0xA072411E] INT 0x62 ? 8A9CEBF8 INT 0x94 ? 89EE7F00 INT 0xA4 ? 89EE7F00 INT 0xA4 ? 89EE7F00 INT 0xA4 ? 89EE7F00 INT 0xB4 ? 8A95DBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spfb.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9F10360, 0x3535DF, 0xE8000020] .text USBPORT.SYS!DllUnload B9EF08AC 5 Bytes JMP 89EE74E0 ? System32\Drivers\akf3kaml.SYS System nie może odnaleźć określonej ścieżki. ! .text C:\windows\system32\drivers\ACEDRV07.sys section is writeable [0xB70B6000, 0x328BA, 0xE8000020] .pklstb C:\windows\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xB70FA000] .relo2 C:\windows\system32\drivers\ACEDRV07.sys unknown last section [0xB7116000, 0x8E, 0x42000040] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB6DAF300, 0x3AF78, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7797300, 0x1BCE, 0xE8000020] ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Nie można odnaleźć określonego pliku. ! ? system32\drivers\dwprot.sys System nie może odnaleźć określonej ścieżki. ! ? C:\DOCUME~1\lukasz\USTAWI~1\Temp\7IWB6k46.sys Nie można odnaleźć określonego pliku. ! .reloc C:\WINDOWS\system32\drivers\PnkBstrK.sys section is executable [0x9B002000, 0x18E38, 0xE0000060] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[2528] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89360A48 Device \FileSystem\Ntfs \Ntfs 87830008 Device \FileSystem\Ntfs \Ntfs 88D9DFB0 Device \FileSystem\Ntfs \Ntfs 8A95C1F8 Device \FileSystem\Ntfs \Ntfs 88C6EAC8 Device \FileSystem\Ntfs \Ntfs 889AD008 AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys Device \FileSystem\Fastfat \FatCdrom 88436120 Device \FileSystem\Fastfat \FatCdrom 886D3730 Device \FileSystem\Fastfat \FatCdrom 88D3D008 Device \FileSystem\Fastfat \FatCdrom 893520A8 Device \FileSystem\Fastfat \FatCdrom 88A15738 Device \FileSystem\Fastfat \FatCdrom 88EAA8E0 AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys Device \Driver\sptd \Device\4059029404 spfb.sys Device \Driver\usbuhci \Device\USBPDO-0 89EE61F8 Device \Driver\usbuhci \Device\USBPDO-1 89EE61F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A9CF1F8 Device \Driver\dmio \Device\DmControl\DmConfig 8A9CF1F8 Device \Driver\dmio \Device\DmControl\DmPnP 8A9CF1F8 Device \Driver\dmio \Device\DmControl\DmInfo 8A9CF1F8 Device \Driver\usbuhci \Device\USBPDO-2 89EE61F8 Device \Driver\usbuhci \Device\USBPDO-3 89EE61F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{64995ABA-9881-4E1E-ACE7-9C182D1EAF87} 8940C1F8 Device \Driver\usbehci \Device\USBPDO-4 89EE51F8 AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys Device \Driver\prodrv06 \Device\ProDrv06 E1BCD4E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A95F1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A95F1F8 Device \Driver\Cdrom \Device\CdRom0 89E991F8 Device \Driver\iaStor \Device\Ide\iaStor0 [F7B57DC0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\iaStor0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F7B57DC0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\Cdrom \Device\CdRom1 89E991F8 Device \Driver\prohlp02 \Device\ProHlp02 E1A7F850 Device \Driver\NetBT \Device\NetBt_Wins_Export 8940C1F8 Device \Driver\PCI_PNP5654 \Device\0000005c spfb.sys Device \Driver\PCI_PNP5654 \Device\0000005c spfb.sys AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys Device \Driver\usbuhci \Device\USBFDO-0 89EE61F8 Device \Driver\usbuhci \Device\USBFDO-1 89EE61F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8955E450 Device \Driver\usbuhci \Device\USBFDO-2 89EE61F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8955E450 Device \Driver\usbuhci \Device\USBFDO-3 89EE61F8 Device \Driver\usbehci \Device\USBFDO-4 89EE51F8 Device \Driver\Ftdisk \Device\FtControl 8A95F1F8 Device \Driver\akf3kaml \Device\Scsi\akf3kaml1 89E8D1F8 Device \Driver\akf3kaml \Device\Scsi\akf3kaml1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\akf3kaml \Device\Scsi\akf3kaml1Port3Path0Target0Lun0 89E8D1F8 Device \Driver\akf3kaml \Device\Scsi\akf3kaml1Port3Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \FileSystem\Fastfat \Fat 88436120 Device \FileSystem\Fastfat \Fat 886D3730 Device \FileSystem\Fastfat \Fat 88D3D008 Device \FileSystem\Fastfat \Fat 893520A8 Device \FileSystem\Fastfat \Fat 88A15738 Device \FileSystem\Fastfat \Fat 88EAA8E0 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat dwprot.sys Device \FileSystem\Cdfs \Cdfs 8940A338 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 374362774 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 301691543 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x9E 0xB1 0xEE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x4A 0x0A 0x0D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0xC5 0xB4 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFE 0x7E 0x23 0xE7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x3D 0x2A 0xF3 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE8 0x3A 0x00 0x5B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x39 0x88 0x07 0x1B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0x33 0xBB 0xA9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0x90 0x27 0x39 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x9E 0xB1 0xEE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x4A 0x0A 0x0D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0xC5 0xB4 0x54 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x6F 0xCA 0xD4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x3D 0x2A 0xF3 0x8B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE8 0x3A 0x00 0x5B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x39 0x88 0x07 0x1B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0x33 0xBB 0xA9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0x90 0x27 0x39 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x9E 0xB1 0xEE ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x4A 0x0A 0x0D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0xC5 0xB4 0x54 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x6F 0xCA 0xD4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x3D 0x2A 0xF3 0x8B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE8 0x3A 0x00 0x5B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x39 0x88 0x07 0x1B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0x33 0xBB 0xA9 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0x90 0x27 0x39 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x9E 0xB1 0xEE ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x4A 0x0A 0x0D ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0xC5 0xB4 0x54 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x6F 0xCA 0xD4 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x3D 0x2A 0xF3 0x8B ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE8 0x3A 0x00 0x5B ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x39 0x88 0x07 0x1B ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0x33 0xBB 0xA9 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0x90 0x27 0x39 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x9E 0xB1 0xEE ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x4A 0x0A 0x0D ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0xC5 0xB4 0x54 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x6F 0xCA 0xD4 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x3D 0x2A 0xF3 0x8B ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE8 0x3A 0x00 0x5B ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x39 0x88 0x07 0x1B ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0x33 0xBB 0xA9 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0x90 0x27 0x39 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x9E 0xB1 0xEE ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x4A 0x0A 0x0D ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0xC5 0xB4 0x54 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFE 0x7E 0x23 0xE7 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x3D 0x2A 0xF3 0x8B ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE8 0x3A 0x00 0x5B ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x39 0x88 0x07 0x1B ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0x33 0xBB 0xA9 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0x90 0x27 0x39 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 095B648FC2CBBC16DC5762DEA70ED780BE4482F18D7D2D8E144AC36C31E4D6F4B01C156D72F1DA74D6E88011456DFE638E5D248BE987E2D44D3AF84C7A2F773BE26F6DB5C8FDBAB245D84CE30C35C9C521777405574641D33F4966BB6E6BEEF93A2A921559D44F937F448F18DAE162CA28978550256EC6329C087FFBE6A8AFF683817FBFAC7C222110AA69EE0A15855A0DA639DF14DA855748670ED3B499C13DC112806C3EA3CDA2B4EFCB325F1205A26970C7AEDB882373DA3EAE8C9915BF9AA85BB7D3FD99842B60DD7F2C1AC2C4110EA9BDB7A4995AF3A0C6D2F3CC1758A0A2411CB5CF50090B3AA09CAD6935405CFD65F9FB8EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DA9C6AECB7A5D1407C038D530D6EB3452A34377657AEE3390A9F86740DE80F081D38498D816C980D5DA3D8A265F947B7D3ABC47869B533CB0EE2A7A11CEA4F9A6BE62063AAF14E9A717E039CA50B7F964F0050CA1CA14162850A1694A87D9FC4ECD5C94DE0DE92795AF5F93BF65ADBF3A16592F160D462ADE34CE80A7F7F914CD9CB711FE2607A28499F385DABDB8278D188AE0F54A4CE0322337511A72AD5AEEEE4F0D87D2FECAC9F06E4124DDEE0E648B7C93074E64ADF24A742FC3AAF672712A115C1853B3103073323 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 6A3919A1AA962BE400F5202CA754AB0F68E36AF32D4D5F0FCD6429E84E8CB7C18A25B8D42AD39CEBCF0D4F39420C0F61AE4007C1A34F8E42E5AB2D4EDAF9D6467FA1EA7DC4D8F393C58BB7CEA05A92ACFD261FDDF9D5B5E981D1519B6363328216708D247A42F5A8A0D2D3A2C7CB29B52BB7E743DC819AE0AA5B27B3D69BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A2D97226D213B555A6171C11EC38DE3DBB0154529664DFDC7F5FFC76AC99FE75D8E4BAC547AF72B3A302B94357042AB6BBF5CEC5569C2CA969064688A2290DD92049094D1F98B95D88060505AA388FC86016789062E7C4F521687810385DA15B830558C1D47385F1C82C56EF4E12452BD37F1CED2C9BCE781D3C14283BF024E168848041B18522AAD4BBF7C4A7801B8938711B5E546FBEEDCC5A2C30A9874F5BA9D86BABB37A3045171FC982CFD7B89021CF69A4B20060160EBE6CCDB6A5B5B694B917A608DFA503E6653FF1944F977596228F474FCED2B3B80B91E84AB338E8EA80169C1628C9AA9641609B7681046D949429126B3E088F16846C2D01818FECE32B0EB8F4A83A84678A47CDACEDA1330AF666937997C7F3E014620B29BE48BC27DABA6D721E675F10BAA29BA0796506DBBD0C9F9D882CB14B456D36470141D956D ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1d1c4581 size 0x1b6 Disk \Device\Harddisk0\DR0 sector 62: copy of MBR ---- EOF - GMER 1.0.15 ----