GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-12-09 02:42:33 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060BH rev.00000028 Running: g_m_e_r.exe; Driver: C:\DOCUME~1\toshiba\USTAWI~1\Temp\pwrdipow.sys ---- System - GMER 1.0.15 ---- SSDT spqt.sys ZwCreateKey [0xF74530E0] SSDT spqt.sys ZwEnumerateKey [0xF7471CA2] SSDT spqt.sys ZwEnumerateValueKey [0xF7472030] SSDT spqt.sys ZwOpenKey [0xF74530C0] SSDT spqt.sys ZwQueryKey [0xF7472108] SSDT spqt.sys ZwQueryValueKey [0xF7471F88] SSDT spqt.sys ZwSetValueKey [0xF747219A] INT 0x82 ? 81B8BBF8 INT 0x83 ? 81B8BBF8 INT 0x83 ? 81B8BBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spqt.sys Nie można odnaleźć określonego pliku. ! ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 81B902D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7484C4C] spqt.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7484CA0] spqt.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7454040] spqt.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F745413C] spqt.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74540BE] spqt.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74547FC] spqt.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74546D2] spqt.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] FFB5A5E0 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7464048] spqt.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 81B891F8 AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\usbohci \Device\USBPDO-0 FFB59500 Device \Driver\usbohci \Device\USBPDO-1 FFB59500 Device \Driver\usbehci \Device\USBPDO-2 FFB58500 Device \Driver\NetBT \Device\NetBT_Tcpip_{E3E564DA-2CC7-44DC-A329-2383306085B0} FF9BB500 Device \Driver\Cdrom \Device\CdRom0 FFB54500 Device \Driver\atapi \Device\Ide\IdePort0 [F73AEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F73AEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F73AEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [F73AEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [F73AEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F73AEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export FF9BB500 Device \Driver\NetBT \Device\NetbiosSmb FF9BB500 Device \Driver\usbohci \Device\USBFDO-0 FFB59500 Device \Driver\usbohci \Device\USBFDO-1 FFB59500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FF9A3500 Device \Driver\usbehci \Device\USBFDO-2 FFB58500 Device \FileSystem\MRxSmb \Device\LanmanRedirector FF9A3500 Device \Driver\Ftdisk \Device\FtControl 81B8C1F8 Device \FileSystem\Cdfs \Cdfs FF99D500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167c3fac8 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE6 0xCF 0xA2 0x47 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0xCE 0xCE 0xF0 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE6 0xCF 0xA2 0x47 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0xCE 0xCE 0xF0 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167c3fac8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE6 0xCF 0xA2 0x47 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0xCE 0xCE 0xF0 ... ---- EOF - GMER 1.0.15 ----