GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-08 11:43:02
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS541612J9SA00 rev.SBDOC7KP
Running: v1djue9y.exe; Driver: C:\Users\Danuta\AppData\Local\Temp\pxddypog.sys

---- System - GMER 1.0.15 ----

INT 0x62 ? 85683F00
INT 0x72 ? 85683F00
INT 0x82 ? 84449BF8
INT 0x92 ? 84449BF8
INT 0xA2 ? 84449BF8
INT 0xA2 ? 84449BF8
INT 0xA2 ? 85683F00
INT 0xA2 ? 84449BF8
INT 0xB2 ? 85683F00
INT 0xB3 ? 85683F00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spqg.sys System nie może odnaleźć określonej ścieżki. !
.text USBPORT.SYS!DllUnload 8854441B 5 Bytes JMP 856834E0
.text a3m1usvb.SYS 883A4000 22 Bytes [82, 93, 9C, 82, 6C, 92, 9C, ...]
.text a3m1usvb.SYS 883A4017 145 Bytes [00, 32, 07, 79, 80, 3D, 05, ...]
.text a3m1usvb.SYS 883A40A9 35 Bytes [E2, 64, 82, A0, D9, 64, 82, ...]
.text a3m1usvb.SYS 883A40CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text a3m1usvb.SYS 883A40DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806866D6] \SystemRoot\System32\Drivers\spqg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80686042] \SystemRoot\System32\Drivers\spqg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80686800] \SystemRoot\System32\Drivers\spqg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806860C0] \SystemRoot\System32\Drivers\spqg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068613E] \SystemRoot\System32\Drivers\spqg.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80695E9C] \SystemRoot\System32\Drivers\spqg.sys
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortWritePortUchar] 83883C9F
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F883C70
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\a3m1usvb.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7433B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [742FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [742EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743273F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [742FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7437CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7431C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [742ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [742E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1104] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8520C1F8
Device \FileSystem\fastfat \FatCdrom 85BE71F8
Device \Driver\volmgr \Device\VolMgrControl 8444B1F8
Device \Driver\usbuhci \Device\USBPDO-0 854FA1F8
Device \Driver\usbuhci \Device\USBPDO-1 854FA1F8
Device \Driver\usbehci \Device\USBPDO-2 854F91F8
Device \Driver\usbuhci \Device\USBPDO-3 854FA1F8
Device \Driver\usbuhci \Device\USBPDO-4 854FA1F8
Device \Driver\usbuhci \Device\USBPDO-5 854FA1F8
Device \Driver\sptd \Device\2492231548 spqg.sys
Device \Driver\usbehci \Device\USBPDO-6 854F91F8
Device \Driver\volmgr \Device\HarddiskVolume1 8444B1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8444B1F8
Device \Driver\cdrom \Device\CdRom0 854F81F8
Device \Driver\PCI_PNP7534 \Device\00000059 spqg.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8520B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 8520B1F8
Device \Driver\atapi \Device\Ide\IdePort0 8520B1F8
Device \Driver\atapi \Device\Ide\IdePort1 8520B1F8
Device \Driver\atapi \Device\Ide\IdePort2 8520B1F8
Device \Driver\atapi \Device\Ide\IdePort3 8520B1F8
Device \Driver\volmgr \Device\HarddiskVolume3 8444B1F8
Device \Driver\cdrom \Device\CdRom1 854F81F8
Device \Driver\USBSTOR \Device\00000075 85BA01F8
Device \Driver\USBSTOR \Device\00000076 85BA01F8
Device \Driver\iScsiPrt \Device\RaidPort0 855591F8
Device \Driver\usbuhci \Device\USBFDO-0 854FA1F8
Device \Driver\usbuhci \Device\USBFDO-1 854FA1F8
Device \Driver\usbehci \Device\USBFDO-2 854F91F8
Device \Driver\usbuhci \Device\USBFDO-3 854FA1F8
Device \Driver\usbuhci \Device\USBFDO-4 854FA1F8
Device \Driver\usbuhci \Device\USBFDO-5 854FA1F8
Device \Driver\usbehci \Device\USBFDO-6 854F91F8
Device \Driver\a3m1usvb \Device\Scsi\a3m1usvb1Port5Path0Target0Lun0 854AA1F8
Device \Driver\a3m1usvb \Device\Scsi\a3m1usvb1 854AA1F8
Device \FileSystem\fastfat \Fat 85BE71F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat InCDRec.sys (InCD File System Recognizer/Nero AG)
Device \FileSystem\cdfs \Cdfs 85875500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x60 0x00 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEA 0x65 0x25 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xED 0xC9 0x2E 0xE3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x60 0x00 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEA 0x65 0x25 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xED 0xC9 0x2E 0xE3 ...

---- EOF - GMER 1.0.15 ----