At first GMER didn't work; then I renamed it and it worked. Here is the log:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-15 22:29:08
Windows 5.1.2600 Service Pack 3
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019db0a6716
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019db0a6716
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main@sid 0
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1224] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1232] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1292] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1576] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1688] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [188] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1964] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [812] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1516] 0x00900000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [612] 0x00900000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1224] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1232] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1292] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1576] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1688] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [188] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [812] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1516] 0x009B0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [612] 0x009B0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1964] 0x009C0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1788] 0x00BD0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1116] 0x03180000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2928] 0x08D90000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3812] 0x08DA0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3888] 0x08DA0000
Library \\?\globalroot\systemroot\system32\kungsforcfqfjt.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1116] 0x10000000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main@aid 10002
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\UACbgujfipmvblhfog.db 1110399 bytes
File C:\WINDOWS\system32\UACxxltxpsjkdlxrqu.dll 17408 bytes executable
File C:\WINDOWS\system32\UACmquqqyoxfxrkipq.dll 19456 bytes executable
File C:\WINDOWS\system32\UACosrqrdyubrxenqo.dll 19968 bytes executable
File C:\WINDOWS\system32\kungsffttstdkt.dll 20992 bytes executable
File C:\WINDOWS\system32\kungsforcfqfjt.dll 20992 bytes executable
File C:\WINDOWS\system32\UACvymouqjecwgjrww.dat 224 bytes
File C:\WINDOWS\system32\UACyxwswlmpklsyniu.dll 25088 bytes executable
File C:\WINDOWS\system32\UACqgrqulxsiefnngy.dll 30208 bytes executable
File C:\Documents and Settings\Owner\Local Settings\temp\UACa063.tmp 343040 bytes executable
File C:\WINDOWS\system32\kungsforbdyely.dat 349669 bytes
File C:\WINDOWS\system32\uactmp.db 3976714 bytes
File C:\WINDOWS\system32\drivers\UACtuwupfvkipfaiqk.sys 53248 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\uacinit.dll 6117 bytes
File C:\WINDOWS\system32\UAChwxqbmaokjmqjvw.dll 66560 bytes
File C:\WINDOWS\temp\UACa60e.tmp 66560 bytes
File C:\WINDOWS\system32\drivers\kungsfrarjcgrp.sys 67072 bytes executable <-- ROOTKIT !!!
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 08D9F9F0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 08DAF9F0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 08DAF9F0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 08DA0A60 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 08DB0A60 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 08DB0A60 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 08DA08A0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 08DB08A0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 08DB08A0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WS2_32.dll!send 71AB4C27 5 Bytes JMP 08DA0780 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WS2_32.dll!send 71AB4C27 5 Bytes JMP 08DB0780 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WS2_32.dll!send 71AB4C27 5 Bytes JMP 08DB0780 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 08D9FDA0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 08DAFDA0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 08DAFDA0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main@cmddelay 7200
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 08C2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 08C3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 08C3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 08CD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 08CE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 08CE000A
.text C:\WINDOWS\system32\services.exe[940] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\winlogon.exe[896] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006A000A
.text C:\Program Files\O2Micro\o2flash.exe[1196] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006E000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0072000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0073000A
.text C:\WINDOWS\system32\lsass.exe[952] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0073000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0074000A
.text C:\Program Files\iPod\bin\iPodService.exe[2988] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0075000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[160] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0075000A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0076000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0077000A
.text C:\WINDOWS\System32\alg.exe[2184] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0077000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[444] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0078000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007B000A
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[520] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\ctfmon.exe[2752] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3268] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2948] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[2696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2648] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\WINDOWS\AGRSMMSG.exe[2240] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A1000A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A4000A
.text C:\Program Files\Secunia\PSI\psi.exe[3144] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\rundll32.exe[2352] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A
.text C:\WINDOWS\Explorer.EXE[1788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AD000A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BF000A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[568] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CC000A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1360] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D4000A
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3896] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DA000A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2208] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00E8000A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2196] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00F6000A
.text C:\WINDOWS\RTHDCPL.EXE[2228] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01A5000A
.text C:\Documents and Settings\Owner\Desktop\gmer(2)\rename.exe[3536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08AD000A
.text C:\WINDOWS\system32\services.exe[940] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0067000A
.text C:\WINDOWS\system32\winlogon.exe[896] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006B000A
.text C:\Program Files\O2Micro\o2flash.exe[1196] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006F000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2008] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0073000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0074000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text C:\Program Files\iPod\bin\iPodService.exe[2988] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0076000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[160] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0076000A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1000] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077000A
.text C:\WINDOWS\system32\lsass.exe[952] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0078000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[444] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0079000A
.text C:\WINDOWS\System32\alg.exe[2184] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0079000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007C000A
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[520] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\ctfmon.exe[2752] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009A000A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2948] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[2696] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3268] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2648] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009D000A
.text C:\WINDOWS\AGRSMMSG.exe[2240] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A2000A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1504] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A5000A
.text C:\Program Files\Secunia\PSI\psi.exe[3144] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A6000A
.text C:\WINDOWS\system32\rundll32.exe[2352] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A
.text C:\WINDOWS\Explorer.EXE[1788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AE000A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2536] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C0000A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[568] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CD000A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1360] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D5000A
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3896] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DB000A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2208] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00E9000A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2196] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00F7000A
.text C:\WINDOWS\RTHDCPL.EXE[2228] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 01A6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08B7000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08B7000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08B8000A
.text C:\Documents and Settings\Owner\Desktop\gmer(2)\rename.exe[3536] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08BF000A
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A2719E2
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A2F751A
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A2FA32A
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 8A2FA77A
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\UACidperfilkivvspk.log 84315 bytes
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\kungsfrarjcgrp.sys (*** hidden *** ) [SYSTEM] kungsfevwdmnlm <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACtuwupfvkipfaiqk.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtuwupfvkipfaiqk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtuwupfvkipfaiqk.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACbgujfipmvblhfog.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACbgujfipmvblhfog.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACidperfilkivvspk.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACidperfilkivvspk.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACmquqqyoxfxrkipq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACmquqqyoxfxrkipq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACosrqrdyubrxenqo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACosrqrdyubrxenqo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACvpcscpunvmkttru.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACvpcscpunvmkttru.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvymouqjecwgjrww.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvymouqjecwgjrww.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxxltxpsjkdlxrqu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxxltxpsjkdlxrqu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACylnqelwwbrvfnme.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACylnqelwwbrvfnme.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACyxwswlmpklsyniu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACyxwswlmpklsyniu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm@imagepath \systemroot\system32\drivers\kungsfrarjcgrp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfrarjcgrp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm@imagepath \systemroot\system32\drivers\kungsfrarjcgrp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfrarjcgrp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtuwupfvkipfaiqk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtuwupfvkipfaiqk.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules@kungsfwsp.dll \systemroot\system32\kungsffttstdkt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsfwsp.dll \systemroot\system32\kungsffttstdkt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules@kungsflog.dat \systemroot\system32\kungsforbdyely.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsflog.dat \systemroot\system32\kungsforbdyely.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules@kungsfcmd.dll \systemroot\system32\kungsforcfqfjt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsfcmd.dll \systemroot\system32\kungsforcfqfjt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules@kungsf.dat \systemroot\system32\kungsfrphvcwak.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsf.dat \systemroot\system32\kungsfrphvcwak.dat
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\BTHUSB \Device\00000089 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000008b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
---- System - GMER 1.0.15 ----
Code 8A2719DD IofCallDriver
Code 8A2F7515 IofCompleteRequest
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main\injector@* SKYNETwsp.dll
Code 8A2FA776 ZwEnumerateKey
Code 8A2FA326 ZwFlushInstructionCache
---- EOF - GMER 1.0.15 ----