GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-01 12:34:22
Windows 5.1.2600 Dodatek Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST9120822A rev.3.ALC
Running: triv81ir.exe; Driver: D:\DOCUME~1\JA\USTAWI~1\Temp\uxldypow.sys

---- System - GMER 1.0.15 ----

SSDT spvz.sys ZwCreateKey [0xF82820E0]
SSDT spvz.sys ZwEnumerateKey [0xF829ADA4]
SSDT spvz.sys ZwEnumerateValueKey [0xF829B132]
SSDT spvz.sys ZwOpenKey [0xF82820C0]
SSDT spvz.sys ZwQueryKey [0xF829B20A]
SSDT spvz.sys ZwQueryValueKey [0xF829B08A]
SSDT spvz.sys ZwSetValueKey [0xF829B29C]

INT 0x62 ? 82175BF8
INT 0x63 ? 81FEABF8
INT 0x73 ? 81FEABF8
INT 0x94 ? 81FEABF8
INT 0xB4 ? 81FEABF8

---- Kernel code sections - GMER 1.0.15 ----

? spvz.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload F7A8262C 5 Bytes JMP 81FEA1D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8283042] spvz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F828313E] spvz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F82830C0] spvz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8283800] spvz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F82836D6] spvz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8292B90] spvz.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 821741F8
Device \FileSystem\Fastfat \FatCdrom 8179F500
Device \Driver\usbuhci \Device\USBPDO-0 820251F8
Device \Driver\usbehci \Device\USBPDO-1 81F014D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 821E31F8
Device \Driver\dmio \Device\DmControl\DmConfig 821E31F8
Device \Driver\dmio \Device\DmControl\DmPnP 821E31F8
Device \Driver\dmio \Device\DmControl\DmInfo 821E31F8
Device \Driver\usbuhci \Device\USBPDO-2 820251F8
Device \Driver\usbuhci \Device\USBPDO-3 820251F8
Device \Driver\usbuhci \Device\USBPDO-4 820251F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 821761F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 821761F8
Device \Driver\Cdrom \Device\CdRom0 821421F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 821761F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 81ECE500
Device \Driver\NetBT \Device\NetBT_Tcpip_{EA3B92CF-3CA9-4886-AD9B-CAF902FD377B} 81ECE500
Device \Driver\usbuhci \Device\USBFDO-0 820251F8
Device \Driver\usbuhci \Device\USBFDO-1 820251F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 817A01F8
Device \Driver\usbuhci \Device\USBFDO-2 820251F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 817A01F8
Device \Driver\usbuhci \Device\USBFDO-3 820251F8
Device \Driver\usbehci \Device\USBFDO-4 81F014D8
Device \Driver\Ftdisk \Device\FtControl 821761F8
Device \FileSystem\Fastfat \Fat 8179F500
Device \FileSystem\Cdfs \Cdfs 815F3460
Device \FileSystem\Cdfs \Cdfs A9D40BCE

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x1E 0xAC 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x1E 0xAC 0xC1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

---- Files - GMER 1.0.15 ----

File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.0.0.\Alcohol Soft Development Team.manifest 588 bytes
File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.0.0.\Alcohol Soft Development Team@1.0.0..manifest 588 bytes
File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.7.\Alcohol Soft Development Team.manifest 588 bytes
File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.7.\Alcohol Soft Development Team@1.9.7..manifest 588 bytes
File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.9.\Alcohol Soft Development Team.manifest 588 bytes
File D:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.9.\Alcohol Soft Development Team@1.9.9..manifest 588 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715 0 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\@ 2048 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\L 0 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\L\omhtowln 49536 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\loader.tlb 2632 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\U 0 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\U\@00000001 45968 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\U\@000000c0 3072 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\U\@000000cb 3072 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\U\@000000cf 1536 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\U\@80000000 73728 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\U\@800000c0 41984 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\U\@800000cb 24576 bytes
File D:\WINDOWS\$NtUninstallKB12347$\1070067715\U\@800000cf 31232 bytes
File D:\WINDOWS\$NtUninstallKB12347$\3621901035 0 bytes

---- EOF - GMER 1.0.15 ----