Hi, thanks for the hint. here is the log
GMER 1.0.14.14536 -
http://www.gmer.netRootkit scan 2009-01-29 09:38:56
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT spun.sys ZwCreateKey [0xB9EAA0E0]
SSDT AECE6054 ZwCreateThread
SSDT spun.sys ZwEnumerateKey [0xB9EC7CA2]
SSDT spun.sys ZwEnumerateValueKey [0xB9EC8030]
SSDT spun.sys ZwOpenKey [0xB9EAA0C0]
SSDT AECE6040 ZwOpenProcess
SSDT AECE6045 ZwOpenThread
SSDT spun.sys ZwQueryKey [0xB9EC8108]
SSDT spun.sys ZwQueryValueKey [0xB9EC7F88]
SSDT spun.sys ZwSetValueKey [0xB9EC819A]
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA513CF20]
SSDT AECE604A ZwWriteVirtualMemory
INT 0x62 ? 8A911BF8
INT 0x63 ? 8A605BF8
INT 0x63 ? 8A605BF8
INT 0x63 ? 8A605BF8
INT 0x82 ? 8A911BF8
INT 0x83 ? 8A914BF8
INT 0x83 ? 8A605BF8
INT 0x83 ? 8A914BF8
INT 0x84 ? 8A605BF8
INT 0xA4 ? 8A605BF8
INT 0xB4 ? 8A911BF8
INT 0xB4 ? 8A911BF8
INT 0xB4 ? 8A605BF8
INT 0xB4 ? 8A911BF8
---- Kernel code sections - GMER 1.0.14 ----
? spun.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B8FFF62C 5 Bytes JMP 8A6051D8
.text a0rv5fe5.SYS B8EFE384 1 Byte [ 20 ]
.text a0rv5fe5.SYS B8EFE386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text a0rv5fe5.SYS B8EFE3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text a0rv5fe5.SYS B8EFE3C4 3 Bytes [ 00, 00, 00 ]
.text a0rv5fe5.SYS B8EFE3C9 1 Byte [ 00 ]
.text ...
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAB046] spun.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EAB142] spun.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EAB0C4] spun.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EAB7CE] spun.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EAB6A4] spun.sys
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KfRaiseIrql] 1879CE14
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KfLowerIrql] 3248ED2B
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x0E 0x11 0x88 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0xC0 0x62 0x78 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x13 0xA3 0x52 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x13 0xF5 0x6A 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x51 0x28 0x19 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x16 0xBC 0xFF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x0E 0x11 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0xC0 0x62 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF5 0xF6 0x5B 0xE9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x13 0xF5 0x6A 0xFF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x51 0x28 0x19 0xC5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x16 0xBC 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x40 0xE2 0xE4 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x72 0x7D 0xC2 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7B 0x5D 0xAB 0x61 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x40 0xE2 0xE4 0x07 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x72 0x7D 0xC2 0x9F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7B 0x5D 0xAB 0x61 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION B0A37BE125709858BA9218F611DD20AA02255BC1EB9DE18A74006A81796443BDEBA040F93D34915B1D7B3A6137AD169D1EF72A1AADAA2E8CF43C00430738FEEA3BC07C9035CDB1824FBB7AFA2FE340329DD6473CFCD359D6683C8396508449FB32E99D78316E79642F5F596635EB035BC390E1344F57C8DB9BB37516A37EA600C85517FA78E0324C7A45D837ABC187C139C9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B5555D575E7D6A3B9808BA7FD869164D6794CA38809CC21AC92181AC8D2AA3F379BC16F5DB866495B35EC2D1F0662F2CDC1BEF0295B553911C52FAF8D8AD8BE420E68ED11330626EEA41052483FE1BD0BA3166997AB5B48F7A8BE45E949D79E5C1AD7C5D054E17E86C3D154AED1C52FB39473800CE5CC5947BA2592D79EFACD2E0ADAD5224AA44DF43D30F89FB7DB92789E5F427D5FCA8D91B447AA564ADA841E1D7F25F85A26EE55D57169E9B76760245E32FF8770145C8BB6D68FAD4F237F78F6E2025632A5FBD8D724FB7DE6DF1EC6770FCD1C0664600A0714D5871F1647215890EBA1BC6A4E0892263787E5E5B7B4E8D7A7FDF391B527277D4DA0370FE6185169A2B30130E7B6BB501775458A4F93E11C4C72B217645BD7A2D11F4479C27D6522471463C32ED335259BF5F7F846
---- EOF - GMER 1.0.14 ----