GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-02 17:03:50
Windows 6.0.6002 Service Pack 2
Running: bew6bp2v.exe; Driver: C:\Users\Marek\AppData\Local\Temp\uglcypow.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 913F7A50
INT 0x61 ? 913F7CD0
INT 0x62 ? 913C1A50
INT 0x82 ? 913C12D0
INT 0xA1 ? 913F7550
INT 0xB2 ? 913F77D0

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\scdsfzct.sys Urządzenie podłączone do komputera nie działa. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9000B320, 0x3E4E87, 0xE8000020]
C:\Program Files\HP\QuickPlay\000.fcl entry point in "" section [0xA3E28000]
.clc C:\Program Files\HP\QuickPlay\000.fcl unknown last section [0xA3E29000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[904] kernel32.dll!SetUnhandledExceptionFilter 772DA84F 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 888D5540
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:3288] A3ED28C8
Thread System [4:3192] A3ED28C8

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] scdsfzct <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bce9f9
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bce9f9@001d4fa0a043 0x2F 0x41 0x3D 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bce9f9@00bd3a07a4bb 0x2C 0xB6 0x3E 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet005\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet005\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet005\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet005\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet006\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet006\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet006\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet006\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet007\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet007\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet007\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet007\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet008\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet008\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet008\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet008\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet009\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet009\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet009\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet009\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet010\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet010\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet010\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet010\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet011\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet011\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet011\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet011\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet012\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet012\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet012\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet012\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet013\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet013\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet013\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet013\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet014\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet014\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet014\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet014\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet015\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet015\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet015\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet015\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet016\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet016\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet016\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet016\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet017\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet017\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet017\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet017\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet018\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet018\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet018\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet018\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet019\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet019\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet019\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet019\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet020\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet020\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet020\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet020\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet021\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet021\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet021\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet021\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet022\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet022\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet022\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet022\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet023\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet023\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet023\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet023\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet024\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet024\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet024\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet024\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet025\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet025\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet025\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet025\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet026\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet026\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet026\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet026\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet027\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet027\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet027\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet027\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet028\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet028\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet028\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet028\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet029\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet029\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet029\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet029\Services\scdsfzct@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet030\Services\BTHPORT\Parameters\Keys\002186bce9f9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet030\Services\BTHPORT\Parameters\Keys\002186bce9f9@001d4fa0a043 0x2F 0x41 0x3D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet030\Services\BTHPORT\Parameters\Keys\002186bce9f9@00bd3a07a4bb 0x2C 0xB6 0x3E 0x71 ...
Reg HKLM\SYSTEM\ControlSet030\Services\scdsfzct@Type 1
Reg HKLM\SYSTEM\ControlSet030\Services\scdsfzct@Start 0
Reg HKLM\SYSTEM\ControlSet030\Services\scdsfzct@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet030\Services\scdsfzct@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----