GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-04 16:44:30
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: gmer.exe; Driver: C:\DOCUME~1\DG\USTAWI~1\Temp\pxtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT spyb.sys ZwCreateKey [0xF74030E0]
SSDT spyb.sys ZwEnumerateKey [0xF741BDA4]
SSDT spyb.sys ZwEnumerateValueKey [0xF741C132]
SSDT spyb.sys ZwOpenKey [0xF74030C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA6F516C0]
SSDT spyb.sys ZwQueryKey [0xF741C20A]
SSDT spyb.sys ZwQueryValueKey [0xF741C08A]
SSDT spyb.sys ZwSetValueKey [0xF741C29C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA6F51770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA6F51810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA6F518B0]

INT 0x73 ? 85490BF8
INT 0x74 ? 85490BF8
INT 0x74 ? 85490BF8
INT 0x84 ? 85490BF8
INT 0xB4 ? 85FD8BF8
INT 0xB4 ? 85490BF8
INT 0xB4 ? 85490BF8
INT 0xB4 ? 85490BF8
INT 0xB4 ? 85FD8BF8

---- Kernel code sections - GMER 1.0.15 ----

? spyb.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload F5ECA8AC 5 Bytes JMP 854901D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4092] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7413B90] spyb.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85FD71F8
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{734A6553-2C9E-46F7-BFED-B28148211D43} 8542F1F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 853D41F8
Device \Driver\usbuhci \Device\USBPDO-1 853D41F8
Device \Driver\usbuhci \Device\USBPDO-2 853D41F8
Device \Driver\usbehci \Device\USBPDO-3 853C01F8
Device \Driver\usbuhci \Device\USBPDO-4 853D41F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-5 853D41F8
Device \Driver\usbuhci \Device\USBPDO-6 853D41F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 85F671F8
Device \Driver\usbehci \Device\USBPDO-7 853C01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 85F671F8
Device \Driver\Cdrom \Device\CdRom0 853561F8
Device \Driver\iaStor \Device\Ide\iaStor0 [F72E45A0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F72E45A0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [F72E45A0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8542F1F8
Device \Driver\NetBT \Device\NetbiosSmb 8542F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CD1DE087-C650-43EB-98ED-525D5BAF9DD4} 8542F1F8
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 853D41F8
Device \Driver\usbuhci \Device\USBFDO-1 853D41F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84D4B500
Device \Driver\usbuhci \Device\USBFDO-2 853D41F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84D4B500
Device \Driver\usbehci \Device\USBFDO-3 853C01F8
Device \Driver\Ftdisk \Device\FtControl 85F671F8
Device \Driver\usbuhci \Device\USBFDO-4 853D41F8
Device \Driver\usbuhci \Device\USBFDO-5 853D41F8
Device \Driver\usbuhci \Device\USBFDO-6 853D41F8
Device \Driver\usbehci \Device\USBFDO-7 853C01F8
Device \FileSystem\Cdfs \Cdfs 8532E1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDA 0xF1 0xF1 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDA 0xF1 0xF1 0x36 ...

---- EOF - GMER 1.0.15 ----