GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-17 14:28:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\SiSRaid21Port2Path0Target0Lun0 WDC_WD40 rev.1.00
Running: gmer.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\pgliqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            spns.sys                                        ZwCreateKey [0xF741D0E0]
SSDT            spns.sys                                        ZwEnumerateKey [0xF7435DA4]
SSDT            spns.sys                                        ZwEnumerateValueKey [0xF7436132]
SSDT            spns.sys                                        ZwOpenKey [0xF741D0C0]
SSDT            spns.sys                                        ZwQueryKey [0xF743620A]
SSDT            spns.sys                                        ZwQueryValueKey [0xF743608A]
SSDT            spns.sys                                        ZwSetValueKey [0xF743629C]

INT 0x63        ?                                               85E52BF8
INT 0x83        ?                                               867DCBF8
INT 0x84        ?                                               85E52BF8
INT 0x94        ?                                               85E52BF8
INT 0xB4        ?                                               85E52BF8

---- Kernel code sections - GMER 1.0.15 ----

?               spns.sys                                        The system cannot find the file specified.
!               .text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6B4A000, 0x2ACED8, 0xE8000020]
.text           USBPORT.SYS!DllUnload                           F6B158AC 5 Bytes  JMP 85E521D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]              [F741E042] spns.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]      [F741E13E] spns.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]             [F741E0C0] spns.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]     [F741E800] spns.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]             [F741E6D6] spns.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F742DB90] spns.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                          8676B1F8
AttachedDevice  \FileSystem\Ntfs \Ntfs                          sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
Device          \FileSystem\Fastfat \FatCdrom                   8503E1F8
Device          \Driver\usbohci \Device\USBPDO-0                85E511F8
Device          \Driver\usbohci \Device\USBPDO-1                85E511F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon       867DA1F8
Device          \Driver\dmio \Device\DmControl\DmConfig         867DA1F8
Device          \Driver\dmio \Device\DmControl\DmPnP            867DA1F8
Device          \Driver\dmio \Device\DmControl\DmInfo           867DA1F8
Device          \Driver\usbohci \Device\USBPDO-2                85E511F8
Device          \Driver\usbehci \Device\USBPDO-3                85E2F1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{B2DF8D92-A933-47C3-A8DA-BCABF36ACE8B} 857C21F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1          8676E1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2          8676E1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume3          8676E1F8
Device          \Driver\atapi \Device\Ide\IdePort0              [F7370B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1              [F7370B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\NetBT \Device\NetBt_Wins_Export         857C21F8
Device          \Driver\NetBT \Device\NetbiosSmb                857C21F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{2F0E2BF4-8F21-4456-ACFA-EEDEAEFF7243} 857C21F8
Device          \Driver\usbohci \Device\USBFDO-0                85E511F8
Device          \Driver\usbohci \Device\USBFDO-1                85E511F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8577E1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{E5CC72D5-5D0A-452B-AE0F-F64EB5DE01AE} 857C21F8
Device          \Driver\usbohci \Device\USBFDO-2                85E511F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector     8577E1F8
Device          \Driver\usbehci \Device\USBFDO-3                85E2F1F8
Device          \Driver\Ftdisk \Device\FtControl                8676E1F8
Device          \Driver\SiSRaid2 \Device\Scsi\SiSRaid21Port2Path0Target1Lun0 867D91F8
Device          \Driver\SiSRaid2 \Device\Scsi\SiSRaid21         867D91F8
Device          \Driver\SiSRaid2 \Device\Scsi\SiSRaid21Port2Path0Target0Lun0 867D91F8
Device          \FileSystem\Fastfat \Fat                        8503E1F8
AttachedDevice  \FileSystem\Fastfat \Fat                        sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2   285507792

---- EOF - GMER 1.0.15 ----
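Reading a GMER log by hand means matching each hook to the driver that placed it; the script below is an added example (not part of GMER and not produced by the author of the log) that does that bookkeeping. It parses the SSDT, IAT, INT, inline-JMP, AttachedDevice and Reg entries, groups the hooks by owning driver, and applies one editorial heuristic, labelled as such in the code: a randomly named sp??.sys driver hooking the registry ZwXxxKey services and the HAL port-I/O imports of atapi.sys, together with values under Services\sptd\Cfg, is the usual footprint of the SPTD driver shipped with Daemon Tools / Alcohol 120%, so those hooks should be correlated with installed software before being treated as a rootkit. The entries with an unresolved owner ("?") are the ones that still need a memory dump at the target address. The sample log embedded in the script is constructed from lines of the log above with the column spacing collapsed.

```python
"""Triage helper for a GMER 1.0.15 rootkit-scan log.

Added example for this page, not part of GMER or of the log above: it
parses the SSDT / IAT / INT / inline-hook / AttachedDevice / Reg entries
of a GMER log and groups every hook by the driver that owns it.
"""
import re
from collections import defaultdict

SECTION_RE  = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE     = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[(0x[0-9A-Fa-f]+)\]$")
IAT_RE      = re.compile(r"^IAT\s+(\S+?)\[(\S+?)!(\w+)\]\s+\[([0-9A-Fa-f]+)\]\s+(\S+)$")
INT_RE      = re.compile(r"^INT\s+(0x[0-9A-Fa-f]+)\s+(\S+)\s+([0-9A-Fa-f]+)$")
INLINE_RE   = re.compile(r"^\.text\s+(\S+)!(\w+)\s+([0-9A-Fa-f]+)\s+(\d+) Bytes\s+JMP\s+([0-9A-Fa-f]+)$")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+\.sys)\s*(.*)$")
REG_RE      = re.compile(r"^Reg\s+(\S+)@(\S+)\s+(\S+)$")

# Editor's heuristic, not a GMER rule: SPTD-based software installs a randomly
# named sp??.sys driver that hooks the ZwXxxKey services and atapi.sys HAL port
# I/O, and keeps its configuration under Services\sptd\Cfg.
SPTD_DRIVER_RE = re.compile(r"^sp[a-z]{2}\.sys$", re.IGNORECASE)


def parse_gmer(text):
    """Return {entry_type: [entries]} for the hook-related lines of a GMER log."""
    out = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m[1]
        elif m := SSDT_RE.match(line):
            out["ssdt"].append({"section": section, "driver": m[1], "service": m[2], "addr": m[3]})
        elif m := IAT_RE.match(line):
            out["iat"].append({"section": section, "module": m[1], "import": f"{m[2]}!{m[3]}",
                               "addr": m[4], "driver": m[5]})
        elif m := INT_RE.match(line):
            out["int"].append({"section": section, "vector": m[1], "driver": m[2], "addr": m[3]})
        elif m := INLINE_RE.match(line):  # GMER prints no owner for inline JMPs
            out["inline"].append({"section": section, "module": m[1], "func": m[2], "addr": m[3],
                                  "bytes": int(m[4]), "target": m[5], "driver": "?"})
        elif m := ATTACHED_RE.match(line):
            out["attached"].append({"section": section, "stack": m[1], "device": m[2],
                                    "driver": m[3], "info": m[4]})
        elif m := REG_RE.match(line):
            out["reg"].append({"section": section, "key": m[1], "value": m[2], "data": m[3]})
    return dict(out)


def hooks_by_driver(parsed):
    """Map each hooking driver ('?' when GMER could not resolve it) to its hooks."""
    by = defaultdict(list)
    for e in parsed.get("ssdt", []):
        by[e["driver"]].append(f"SSDT {e['service']}")
    for e in parsed.get("iat", []):
        by[e["driver"]].append(f"IAT {e['module']}[{e['import']}]")
    for e in parsed.get("int", []):
        by[e["driver"]].append(f"INT {e['vector']} -> {e['addr']}")
    for e in parsed.get("inline", []):
        by[e["driver"]].append(f"JMP {e['module']}!{e['func']} -> {e['target']}")
    return dict(by)


def triage(parsed):
    """Classify each hooking driver; returns {driver: (verdict, hook_count)}."""
    has_sptd_cfg = any("\\Services\\sptd\\Cfg" in e["key"] for e in parsed.get("reg", []))
    verdicts = {}
    for drv, hooks in hooks_by_driver(parsed).items():
        if drv == "?":
            verdicts[drv] = ("unresolved owner: dump and disassemble the target address", len(hooks))
        elif SPTD_DRIVER_RE.match(drv) and has_sptd_cfg:
            verdicts[drv] = ("matches SPTD pattern: confirm Daemon Tools/Alcohol is installed", len(hooks))
        else:
            verdicts[drv] = ("unknown driver: verify signature and on-disk file", len(hooks))
    return verdicts


# Constructed sample: lines copied from the GMER log above, column spacing collapsed.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT spns.sys ZwCreateKey [0xF741D0E0]
SSDT spns.sys ZwEnumerateKey [0xF7435DA4]
SSDT spns.sys ZwEnumerateValueKey [0xF7436132]
SSDT spns.sys ZwOpenKey [0xF741D0C0]
SSDT spns.sys ZwQueryKey [0xF743620A]
SSDT spns.sys ZwQueryValueKey [0xF743608A]
SSDT spns.sys ZwSetValueKey [0xF743629C]
INT 0x63 ? 85E52BF8
INT 0x83 ? 867DCBF8
INT 0x84 ? 85E52BF8
INT 0x94 ? 85E52BF8
INT 0xB4 ? 85E52BF8
---- Kernel code sections - GMER 1.0.15 ----
.text USBPORT.SYS!DllUnload F6B158AC 5 Bytes JMP 85E521D8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F741E042] spns.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F741E13E] spns.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F741E0C0] spns.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F741E800] spns.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F741E6D6] spns.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F742DB90] spns.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for drv, (verdict, n) in sorted(triage(parsed).items()):
        print(f"{drv:12} {n:2d} hook(s): {verdict}")
    for e in parsed.get("attached", []):
        print(f"filter {e['driver']} attached to {e['stack']} {e['device']}")
```

Run against the sample, spns.sys accounts for all thirteen SSDT and IAT hooks and is flagged as the SPTD pattern, while the five INT vectors and the USBPORT.SYS!DllUnload JMP have no resolved owner and are reported for follow-up; the sisidex.sys filter attached to the NTFS and FAT stacks is listed separately because a filter driver is not a hook and has to be judged by its signature and vendor.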