GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-27 19:44:44
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST96812AS rev.3.03
Running: 1qsfzhp0.exe; Driver: C:\DOCUME~1\Aga\USTAWI~1\Temp\uxlorpod.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a7d0ab94f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a7d0ab94f@001df615aa0c 0xB4 0xFB 0x22 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2A 0x76 0xB3 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a7d0ab94f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a7d0ab94f@001df615aa0c 0xB4 0xFB 0x22 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3E 0x9C 0x21 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x06 0xF6 0x60 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF1 0x59 0xDF 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3E 0x9C 0x21 0xB0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x06 0xF6 0x60 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x9C 0xF7 0x30 0x0B ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB21595$\2051734231 0 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982 0 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\click.tlb 2144 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\L 0 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\L\xsuyoiev 455936 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\loader.tlb 2540 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U 0 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U\@00000001 41360 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U\@000000c0 2560 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U\@000000cb 2048 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U\@80000000 24576 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U\@800000c0 33280 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U\@800000cb 27648 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U\@800000cf 27648 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes
ADS C:\WINDOWS\1041537727:1080421313.exe 816 bytes executable <-- ROOTKIT !!!

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\1041537727:1080421313.exe [MANUAL] bf9a143e <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
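Reading a log like this by hand is error-prone, so here is an added triage script (my own example, not part of the log above and not GMER code) that parses GMER output and pulls out the entries that matter: the lines GMER itself marks with "<-- ROOTKIT", every alternate data stream in the Files section, any service whose image path is an ADS, and the contents of $NtUninstallKB...$ hotfix folders, which normally hold spuninst\ plus backups of replaced system files and never "@"-named payload files or single-letter U\ and L\ subdirectories. It then cross-checks the two strongest signals: a manual-start service whose binary is an ADS that the Files section also lists. The sptd\Cfg\<GUID> keys (note @p0 pointing at C:\Program Files\Alcohol Soft\Alcohol 52\) belong to the SPTD driver that ships with Alcohol 52, and BTHPORT\Parameters\Keys holds Bluetooth pairing link keys; both routinely show up in GMER logs because the tool cannot read them the normal way, not because they are malicious, so the script deliberately ignores the Registry section. The sample input is constructed from a few lines copied from the log above; the regexes encode GMER's "<path> <size> bytes" and "<path> [START] <name>" line layouts as I have observed them and are assumptions about that format.

```python
import re

# Constructed sample input: a handful of lines copied from the GMER log above
# (one routine sptd entry, three $NtUninstall files, the ADS and the service).
SAMPLE_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-27 19:44:44

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U 0 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\U\@800000c0 33280 bytes
File C:\WINDOWS\$NtUninstallKB21595$\3214545982\loader.tlb 2540 bytes
ADS C:\WINDOWS\1041537727:1080421313.exe 816 bytes executable <-- ROOTKIT !!!

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\1041537727:1080421313.exe [MANUAL] bf9a143e <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

ENTRY_RE = re.compile(r"^(Reg|File|ADS|Service)\s+(.*)$")
# "<path> <size> bytes ..." as used by both File and ADS entries (assumed layout)
FILE_RE = re.compile(r"^(.*?)\s+(\d+) bytes")
# "<image path> [START_TYPE] <service name> ..." as used by Service entries (assumed layout)
SERVICE_RE = re.compile(r"^(.*?)\s+\[(\w+)\]\s+(\S+)")
# A path whose final component names an NTFS alternate data stream: C:\dir\file:stream
ADS_PATH_RE = re.compile(r"^[A-Za-z]:\\(?:[^\\:]+\\)*[^\\:]+:[^\\\s]+$")
# Anything stored under a hotfix uninstall folder, C:\WINDOWS\$NtUninstallKBnnnnnn$\
NTUNINSTALL_RE = re.compile(r"\\\$NtUninstall[^\\]*\$\\", re.IGNORECASE)


def triage(log_text):
    """Walk a GMER log and collect the entries a responder should look at first."""
    findings = {
        "flagged": [],          # lines GMER itself marked "<-- ROOTKIT"
        "ads": [],              # alternate data streams listed in the Files section
        "ads_services": [],     # services whose image path lives inside an ADS
        "ntuninstall": [],      # every (path, size) under a $NtUninstall...$ folder
        "ntuninstall_odd": [],  # of those, '@'-named files, which no hotfix backup contains
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, blank lines, EOF marker
        kind, rest = m.groups()
        if "<-- ROOTKIT" in rest:
            findings["flagged"].append(line)
        if kind in ("File", "ADS"):
            fm = FILE_RE.match(rest)
            if not fm:
                continue
            path, size = fm.group(1), int(fm.group(2))
            if kind == "ADS" or ADS_PATH_RE.match(path):
                findings["ads"].append(path)
            if NTUNINSTALL_RE.search(path):
                findings["ntuninstall"].append((path, size))
                if path.rsplit("\\", 1)[-1].startswith("@"):
                    findings["ntuninstall_odd"].append(path)
        elif kind == "Service":
            sm = SERVICE_RE.match(rest)
            if sm and ADS_PATH_RE.match(sm.group(1)):
                findings["ads_services"].append(
                    {"path": sm.group(1), "start": sm.group(2), "name": sm.group(3)}
                )
    return findings


def verdict(findings):
    """Rank the result: a service whose image is an ADS that the Files section also
    lists is corroborated by two independent GMER checks and outranks either alone."""
    listed = set(findings["ads"])
    if any(s["path"] in listed for s in findings["ads_services"]):
        return "high"
    if findings["ads_services"] or findings["flagged"] or findings["ntuninstall_odd"]:
        return "medium"
    return "low"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("verdict:", verdict(result))
    for key, items in result.items():
        for item in items:
            print(f"{key:16s} {item}")
```

Run against the sample the verdict is "high": the ADS C:\WINDOWS\1041537727:1080421313.exe appears both as a listed stream and as the image of the manual-start service bf9a143e. To use it on a real log, replace SAMPLE_LOG with the file contents; the registry noise from sptd and BTHPORT is skipped by design, so a machine with only those entries comes out "low".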