GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-03-13 23:59:57 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 SAMSUNG_HD502HI rev.1AG01118 Running: tcmmmxvk.exe; Driver: C:\DOCUME~1\Piotrek\USTAWI~1\Temp\pgtdypow.sys ---- System - GMER 1.0.15 ---- INT 0x83 ? 8A913CB8 INT 0x83 ? 8A652F00 INT 0x83 ? 8A913CB8 INT 0x84 ? 8A652F00 INT 0x94 ? 8A652F00 INT 0xB4 ? 8A90FCB8 INT 0xB4 ? 8A90FCB8 INT 0xB4 ? 8A90FCB8 INT 0xB4 ? 8A90FCB8 INT 0xB4 ? 8A652F00 INT 0xB4 ? 8A90FCB8 ---- Kernel code sections - GMER 1.0.15 ---- ? sptd.sys Nie można odnaleźć określonego pliku. ! .text C:\windows\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D813A0, 0x59FFE5, 0xE8000020] .text USBPORT.SYS!DllUnload B6CFC8AC 5 Bytes JMP 8A652410 init C:\windows\system32\drivers\Senfilt.sys entry point in "init" section [0xB3E02A00] ? C:\windows\system32\drivers\hqhorn.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla firefox\firefox.exe[504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01265B60 C:\Program Files\Mozilla firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla firefox\plugin-container.exe[1636] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10450924 C:\Program Files\Mozilla firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla firefox\plugin-container.exe[1636] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10450ECF C:\Program Files\Mozilla firefox\xul.dll (Mozilla Foundation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \windows\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E8F232] sptd.sys IAT \windows\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E8E730] sptd.sys IAT \windows\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E8EF12] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E8E730] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E8E914] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E8E856] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E8F0F0] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E8EF12] sptd.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A9531E8 Device \Driver\usbuhci \Device\USBPDO-0 8A6511E8 Device \Driver\usbuhci \Device\USBPDO-1 8A6511E8 Device \Driver\usbuhci \Device\USBPDO-2 8A6511E8 Device \Driver\usbuhci \Device\USBPDO-3 8A6511E8 Device \Driver\usbehci \Device\USBPDO-4 8A63A1E8 Device \Driver\Cdrom \Device\CdRom0 8A71B1E8 Device \Driver\atapi \Device\Ide\IdePort0 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBT_Tcpip_{8629B015-F153-4C5F-B7F6-D5A38269E24B} 8A485430 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A485430 Device \Driver\NetBT \Device\NetbiosSmb 8A485430 Device \Driver\NetBT \Device\NetBT_Tcpip_{8C1389F8-89A8-4FF2-A65F-0E0EC682E8E9} 8A485430 Device \Driver\usbuhci \Device\USBFDO-0 8A6511E8 Device \Driver\usbuhci \Device\USBFDO-1 8A6511E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A726430 Device \Driver\usbuhci \Device\USBFDO-2 8A6511E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A726430 Device \Driver\usbuhci \Device\USBFDO-3 8A6511E8 Device \Driver\usbehci \Device\USBFDO-4 8A63A1E8 Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8A9541E8 Device \Driver\JRAID \Device\Scsi\JRAID1 8A9541E8 Device \FileSystem\Fastfat \Fat 8A489430 Device \FileSystem\Fastfat \Fat 8AB99297 Device \FileSystem\Cdfs \Cdfs 8A45F430 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA7 0xCF 0x58 0x36 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x65 0xA1 0x0B 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7F 0xC8 0x13 0x5B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xE5 0x9C 0xA6 0x60 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xE1 0xAD 0x05 0x4E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x12 0xAD 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x98 0x08 0xA0 0x9B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0x82 0xBE 0x9D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0x89 0xE6 0x58 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF0 0xB8 0x8C 0xFC ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA7 0xCF 0x58 0x36 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x65 0xA1 0x0B 0xF8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7F 0xC8 0x13 0x5B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xE5 0x9C 0xA6 0x60 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xE1 0xAD 0x05 0x4E ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x12 0xAD 0xE9 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32@ %SystemRoot%\system32\msxml3.dll Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\ProgID@ Msxml2.XSLTemplate Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\TypeLib@ {F5078F18-C551-11D3-89B9-0000F81FE221} Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Version@ 3.0 Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\VersionIndependentProgID@ Msxml2.XSLTemplate ---- EOF - GMER 1.0.15 ----