rootkit
xcmbm
Newbie
19. March 2009 @ 19:00
Hi all,

I scanned my computer with McAfee Rootkit Detective. First it found 6 infections; I deleted those infections, restarted my computer, then scanned again, and 20 infections were found. The number of infections just increases every time I scan for rootkits. Here is the last Rootkit Detective report:


McAfee(R) Rootkit Detective 1.0 scan report
On 19-03-2009 at 16:19:03
OS-Version 5.1.2600
Service Pack 3.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateSection
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: \SystemRoot\System32\drivers\spaj.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateValueKey
Object-Path: \SystemRoot\System32\drivers\spaj.sys

Object-Type: SSDT-hook
Object-Name: ZwLoadDriver
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: \SystemRoot\System32\drivers\spaj.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: \SystemRoot\System32\drivers\spaj.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: \SystemRoot\System32\drivers\spaj.sys

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: SSDT-hook
Object-Name: ZwWriteFile
Object-Path: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_POWER
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_READ
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE
Object-Path:

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001ontrolSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40.RENntrolSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40.REN.RENlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40.REN.REN.REN002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40.REN.REN.REN.RENServices\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40.REN.REN.REN.REN.RENices\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40.REN.REN.REN.REN.REN.REN\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN.REN
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001.RENolSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001.REN.RENt002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001.REN.REN.REN\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001.REN.REN.REN.RENvices\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001.REN.REN.REN.REN.RENs\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN.REN
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001.REN.REN.REN.REN.REN.RENtd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN.REN.REN
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001ontrolSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40.RENntrolSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40.REN.RENlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40.REN.REN.REN004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40.REN.REN.REN.RENServices\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40.REN.REN.REN.REN.RENices\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40.REN.REN.REN.REN.REN.REN\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001.RENolSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40.REN.REN.REN.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001.REN.RENt004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001.REN.REN.REN\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001.REN.REN.REN.RENvices\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001.REN.REN.REN.REN.RENs\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001.REN.REN.REN.REN.REN.RENtd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN.REN.REN.REN.REN.REN
Status: Hidden

Object-Type: Process
Object-Name: avgtray.exe
Pid: 2448
Object-Path: C:\PROGRA~1\AVG\AVG8\avgtray.exe
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1240
Object-Path: C:\WINDOWS\system32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: PDVDServ.exe
Pid: 2232
Object-Path: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 436
Object-Path: C:\WINDOWS\system32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 932
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1120
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: avgwdsvc.exe
Pid: 1368
Object-Path: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Status: Visible

Object-Type: Process
Object-Name: PRISMXL.SYS
Pid: 1492
Object-Path: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
Status: Visible

Object-Type: Process
Object-Name: avgnsx.exe
Pid: 1740
Object-Path: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: rundll32.exe
Pid: 2888
Object-Path: C:\WINDOWS\system32\rundll32.exe
Status: Visible

Object-Type: Process
Object-Name: SpywareTerminat
Pid: 3136
Object-Path: C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 564
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: wdfmgr.exe
Pid: 1652
Object-Path: C:\WINDOWS\system32\wdfmgr.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 816
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: GoogleUpdate.ex
Pid: 1468
Object-Path: C:\Program Files\Google\Update\GoogleUpdate.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 756
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: iexplore.exe
Pid: 3516
Object-Path: C:\Program Files\Internet Explorer\iexplore.exe
Status: Visible

Object-Type: Process
Object-Name: avgcsrvx.exe
Pid: 200
Object-Path: C:\Program Files\AVG\AVG8\avgcsrvx.exe
Status: Visible

Object-Type: Process
Object-Name: CToolbar.exe
Pid: 3456
Object-Path: C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 884
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 576
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 1196
Object-Path: C:\WINDOWS\explorer.exe
Status: Visible

Object-Type: Process
Object-Name: sp_rsser.exe
Pid: 1600
Object-Path: C:\Program Files\Spyware Terminator\sp_rsser.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 704
Object-Path: C:\Documents and Settings\Luan\Desktop\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 952
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: avgemc.exe
Pid: 1696
Object-Path: C:\PROGRA~1\AVG\AVG8\avgemc.exe
Status: Visible

Object-Type: Process
Object-Name: 2PortalMon.exe
Pid: 2440
Object-Path: C:\Program Files\2Wire\2PortalMon.exe
Status: Visible

Object-Type: Process
Object-Name: firefox.exe
Pid: 2316
Object-Path: C:\Program Files\Mozilla Firefox\firefox.exe
Status: Visible

Object-Type: Process
Object-Name: avgrsx.exe
Pid: 1728
Object-Path: C:\Program Files\AVG\AVG8\avgrsx.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 860
Object-Path: C:\WINDOWS\system32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 520
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: RTHDCPL.EXE
Pid: 2412
Object-Path: C:\WINDOWS\RTHDCPL.EXE
Status: Visible

Object-Type: Process
Object-Name: bigfix.exe
Pid: 3156
Object-Path: C:\Program Files\BigFix\bigfix.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 492
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 740
Object-Path: C:\WINDOWS\system32\ati2evxx.exe
Status: Visible

Scan complete. Hidden registry keys/values: 71

I already scanned my computer with AVG Anti-Virus and Malwarebytes' Anti-Malware, and nothing was found. Could someone help me with this problem? Thank you in advance, and sorry for my English.