GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-13 22:55:24
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 ST325041 rev.3.AA
Running: npb308tl.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\pgldqpoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\dwprot.sys ZwAllocateVirtualMemory [0xA5540D90]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwCreateThread [0xA55421E4]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwFreeVirtualMemory [0xA554100E]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwOpenSection [0xA5540BAE]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwQueueApcThread [0xA55422E6]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSetContextThread [0xA5542332]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSystemDebugControl [0xA5540AC4]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwWriteVirtualMemory [0xA554111E]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB58D83A0, 0x59FFE5, 0xE8000020]
? system32\drivers\dwprot.sys System nie może odnaleźć określonej ścieżki. !
? C:\DOCUME~1\User\USTAWI~1\Temp\e2EVRCGD.sys Nie można odnaleźć określonego pliku. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 88C62B68
Device \FileSystem\Ntfs \Ntfs 889B5730
Device \FileSystem\Ntfs \Ntfs 89CB9F08
Device \FileSystem\Ntfs \Ntfs 88B14200
Device \FileSystem\Ntfs \Ntfs 88AD0EF8
AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys
Device \FileSystem\Fastfat \FatCdrom 88BC6880
Device \FileSystem\Fastfat \FatCdrom 889F0BF8
Device \FileSystem\Fastfat \FatCdrom 88C2FE38
Device \FileSystem\Fastfat \FatCdrom 88AF62B0
AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys
AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys
AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys
AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys
Device \FileSystem\Fastfat \Fat 88BC6880
Device \FileSystem\Fastfat \Fat 889F0BF8
Device \FileSystem\Fastfat \Fat 88C2FE38
Device \FileSystem\Fastfat \Fat 88AF62B0
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat dwprot.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE0 0x3D 0xD5 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6F 0xD2 0x82 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8D 0x96 0xFB 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE9 0x7C 0x2B 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF9 0xF7 0xA8 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE0 0x3D 0xD5 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6F 0xD2 0x82 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8D 0x96 0xFB 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE9 0x7C 0x2B 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF9 0xF7 0xA8 0x62 ...

---- EOF - GMER 1.0.15 ----