GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-01-25 11:37:20 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD321KJ rev.CP100-12 Running: poc5h6cj.exe; Driver: C:\Users\Damian\AppData\Local\Temp\uxryrpod.sys ---- System - GMER 1.0.15 ---- INT 0x52 ? 86E41F00 INT 0x62 ? 8538EBF8 INT 0x72 ? 8538EBF8 INT 0x82 ? 8538EBF8 INT 0x82 ? 8538EBF8 INT 0x82 ? 86E41F00 INT 0x82 ? 8538EBF8 INT 0xB3 ? 86E41F00 ---- Kernel code sections - GMER 1.0.15 ---- ? System32\Drivers\spll.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA10000, 0x1F4234, 0xE8000020] .text USBPORT.SYS!DllUnload 8EFCB41B 5 Bytes JMP 86E414E0 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069A6D2] \SystemRoot\System32\Drivers\spll.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8069A040] \SystemRoot\System32\Drivers\spll.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8069A7FC] \SystemRoot\System32\Drivers\spll.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8069A0BE] \SystemRoot\System32\Drivers\spll.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069A13C] \SystemRoot\System32\Drivers\spll.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806AA048] \SystemRoot\System32\Drivers\spll.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 85D211F8 Device \Driver\volmgr \Device\VolMgrControl 853901F8 Device \Driver\usbuhci \Device\USBPDO-0 86DF41F8 Device \Driver\usbuhci \Device\USBPDO-1 86DF41F8 Device \Driver\usbuhci \Device\USBPDO-2 86DF41F8 Device \Driver\USBSTOR \Device\00000060 873DC1F8 Device \Driver\usbuhci \Device\USBPDO-3 86DF41F8 Device \Driver\USBSTOR \Device\00000061 873DC1F8 Device \Driver\usbehci \Device\USBPDO-4 86DEA1F8 Device \Driver\USBSTOR \Device\00000062 873DC1F8 Device \Driver\USBSTOR \Device\00000063 873DC1F8 Device \Driver\volmgr \Device\HarddiskVolume1 853901F8 Device \Driver\cdrom \Device\CdRom0 8702F1F8 Device \Driver\volmgr \Device\HarddiskVolume2 853901F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 85D201F8 Device \Driver\atapi \Device\Ide\IdePort0 85D201F8 Device \Driver\atapi \Device\Ide\IdePort1 85D201F8 Device \Driver\atapi \Device\Ide\IdePort2 85D201F8 Device \Driver\atapi \Device\Ide\IdePort3 85D201F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-4 85D201F8 Device \Driver\volmgr \Device\HarddiskVolume3 853901F8 Device \Driver\volmgr \Device\HarddiskVolume4 853901F8 Device \Driver\netbt \Device\NetBt_Wins_Export 871FA500 Device \Driver\Smb \Device\NetbiosSmb 871F51F8 Device \Driver\netbt \Device\NetBT_Tcpip_{AF0A8EC2-D966-42E7-912D-15B9B5A1A004} 871FA500 Device \Driver\iScsiPrt \Device\RaidPort0 86DEF1F8 Device \Driver\usbuhci \Device\USBFDO-0 86DF41F8 Device \Driver\usbuhci \Device\USBFDO-1 86DF41F8 Device \Driver\usbuhci \Device\USBFDO-2 86DF41F8 Device \Driver\usbuhci \Device\USBFDO-3 86DF41F8 Device \Driver\usbehci \Device\USBFDO-4 86DEA1F8 Device \FileSystem\cdfs \Cdfs 87B081F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111@001e7d226942 0x3B 0x35 0xDA 0x24 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111@0018135fe7e6 0x06 0x15 0xF6 0xAB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111@0025cf8d86de 0xF8 0x8D 0x01 0xE3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111@00265f96e15a 0x9E 0x57 0x5E 0x0D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x0D 0xBC 0x04 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\111111111111@001e7d226942 0x3B 0x35 0xDA 0x24 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\111111111111@0018135fe7e6 0x06 0x15 0xF6 0xAB ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\111111111111@0025cf8d86de 0xF8 0x8D 0x01 0xE3 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\111111111111@00265f96e15a 0x9E 0x57 0x5E 0x0D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x0D 0xBC 0x04 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{299CD18E-06B4-0D4C-90CF-F3EA2EB53D75} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{299CD18E-06B4-0D4C-90CF-F3EA2EB53D75}@dafodnec 0x64 0x62 0x65 0x6D ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{299CD18E-06B4-0D4C-90CF-F3EA2EB53D75}@iaamdcpnecgneibokp 0x6B 0x61 0x6D 0x6B ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{299CD18E-06B4-0D4C-90CF-F3EA2EB53D75}@hakmmfhpapklioij 0x6B 0x61 0x6D 0x6B ... ---- EOF - GMER 1.0.15 ----