GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-05 23:20:20
Windows 5.1.2600 Dodatek Service Pack 2
Running: 1vugicks.exe; Driver: C:\DOCUME~1\X\USTAWI~1\Temp\ffpyyfoc.sys


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF84BD818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF84BD7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF84B1A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF84B22A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF84BD910]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwOpenFile [0xF8517A60]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF84BD794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF84B22C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF84BD866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF84BD0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF707F000, 0x1B85E6, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xAEAD9F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2820] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\svchost.exe[3240] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00402453

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82571A90
Device \FileSystem\Fastfat \FatCdrom 8254FA70
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\prodrv06 \Device\ProDrv06 E19FDC30
Device \Driver\Cdrom \Device\CdRom0 82059008
Device \FileSystem\Rdbss \Device\FsWrap 82064E78
Device \Driver\Cdrom \Device\CdRom1 82059008
Device \Driver\Cdrom \Device\CdRom2 82059008
Device \Driver\Cdrom \Device\CdRom3 82059008
Device \Driver\nvatabus \Device\00000069 820EAC70
Device \Driver\prohlp02 \Device\ProHlp02 E1452710
Device \FileSystem\Srv \Device\LanmanServer 81940868
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\nvatabus \Device\0000006b 820EAC70
Device \Driver\nvatabus \Device\NvAta0 820EAC70
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 821FC150
Device \Driver\nvatabus \Device\NvAta1 820EAC70
Device \FileSystem\MRxSmb \Device\LanmanRedirector 821FC150
Device \FileSystem\Npfs \Device\NamedPipe 820C22A0
Device \FileSystem\Msfs \Device\Mailslot 82033030
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 822D6788
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 821BCF00
Device \Driver\d346prt \Device\Scsi\d346prt1 822D6788
Device \Driver\vax347s \Device\Scsi\vax347s1 8218D810
Device \Driver\vax347s \Device\Scsi\vax347s1Port4Path0Target0Lun0 8218D810
Device \Driver\d347prt \Device\Scsi\d347prt1 821BCF00
Device \FileSystem\Fastfat \Fat 8254FA70
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 82077FB0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 82077FB0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 82077FB0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 82077FB0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 82077FB0
Device \FileSystem\Cdfs \Cdfs 821CC7E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x23 0x18 0x05 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x23 0x18 0x05 0xBA ...

---- EOF - GMER 1.0.15 ----
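The two sections of a GMER log that most often need a second look are the SSDT table (which kernel driver has replaced which Zw* service pointer) and the user-mode inline hooks (a 5-byte JMP patched over an ntdll export inside a process, and which module GMER could attribute the JMP target to). The parser below is an added example, not part of the original post and not GMER's own code; its parsing rules are taken only from the line shapes visible in the log above. The allow-list of SSDT-hooking drivers is an assumption for illustration: d346bus.sys and d347bus.sys are treated as already attributed by the analyst to installed CD-emulation software (they are commonly shipped with DAEMON Tools / Alcohol 120%), and the example does not verify that itself. The triage rule for user-mode hooks is likewise a heuristic, not a verdict: a JMP whose target GMER could not tie to any loaded module (the svchost.exe[3240] NtResumeThread line) is flagged for manual review, while a JMP that lands inside the hooked process's own image (the firefox.exe line) is reported as informational.

```python
"""Parse GMER 1.0.15 text output and triage SSDT and user-mode inline hooks.

Added example; not from the original forum post and not part of GMER.
Parsing rules are derived from the line shapes in the log above only.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of lines copied from the GMER log above.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-05 23:20:20
Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF84BD818]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwOpenFile [0xF8517A60]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF84BD866]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2820] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\svchost.exe[3240] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00402453

---- EOF - GMER 1.0.15 ----
"""

# "SSDT <driver> (<description>) <ZwService> [0x<hook address>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<driver>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]"
)
# ".text <image>[<pid>] <dll>!<export> <addr> <n> Bytes JMP <dest> [<owner module> (<vendor>)]"
USER_HOOK_RE = re.compile(
    r"^(?P<section>\.\w+)\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<symbol>\S+!\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<dest>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>.+?)\s+\((?P<vendor>[^()]*)\))?\s*$"
)
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")

# ASSUMPTION (illustrative allow-list): drivers the analyst has already tied to
# legitimately installed software on this host. GMER itself has no such list.
KNOWN_SSDT_HOOKERS = {"d346bus.sys", "d347bus.sys"}


@dataclass
class SsdtHook:
    driver: str
    func: str
    addr: int


@dataclass
class UserHook:
    image: str
    pid: int
    symbol: str
    addr: int
    dest: int
    owner: Optional[str]   # module GMER attributed the JMP target to, if any
    vendor: Optional[str]


@dataclass
class GmerReport:
    ssdt: List[SsdtHook]
    user_hooks: List[UserHook]


def parse_gmer(text: str) -> GmerReport:
    """Walk the log section by section and collect SSDT and user-mode hooks."""
    ssdt: List[SsdtHook] = []
    user: List[UserHook] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                ssdt.append(SsdtHook(m["driver"], m["func"], int(m["addr"], 16)))
        elif section == "User code sections":
            m = USER_HOOK_RE.match(line)
            if m:
                user.append(UserHook(m["image"], int(m["pid"]), m["symbol"],
                                     int(m["addr"], 16), int(m["dest"], 16),
                                     m["owner"], m["vendor"]))
    return GmerReport(ssdt, user)


def triage(report: GmerReport) -> List[Tuple[str, str]]:
    """Return (level, message) findings; 'review' means a human should look."""
    findings: List[Tuple[str, str]] = []
    by_driver: Dict[str, List[str]] = {}
    for h in report.ssdt:
        by_driver.setdefault(h.driver, []).append(h.func)
    for driver, funcs in sorted(by_driver.items()):
        level = "info" if driver in KNOWN_SSDT_HOOKERS else "review"
        findings.append((level, f"SSDT: {driver} hooks {len(funcs)} service(s): {', '.join(funcs)}"))
    for h in report.user_hooks:
        if h.owner is None:
            level, why = "review", "JMP target not attributed to any loaded module"
        elif h.owner.lower() == h.image.lower():
            level, why = "info", "JMP target lies inside the hooked process's own image"
        else:
            level, why = "review", f"JMP target attributed to {h.owner}"
        findings.append((level, f"{h.image}[{h.pid}] {h.symbol} -> {h.dest:08X}: {why}"))
    return findings


if __name__ == "__main__":
    for level, msg in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{level}] {msg}")
```

Run against the full log, the SSDT lines collapse to two drivers (d347bus.sys with nine services, d346bus.sys with ZwOpenFile), and only the svchost.exe[3240] NtResumeThread hook comes out as "review". Extending the script to the Devices and Registry sections is straightforward, but the allow-list is the part that deserves care: an unknown driver name in the SSDT table should stay "review" until its on-disk file has been identified, not be added to the set because it sounds like a hardware driver.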