GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-22 20:27:23
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543225L9A300 rev.FBEOC40C
Running: 2dvnv6o2.exe; Driver: C:\DOCUME~1\R\USTAWI~1\Temp\afxiyfod.sys


---- System - GMER 1.0.15 ----

SSDT BA6EFD7E ZwCreateKey
SSDT BA6EFD74 ZwCreateThread
SSDT BA6EFD83 ZwDeleteKey
SSDT BA6EFD8D ZwDeleteValueKey
SSDT spzx.sys ZwEnumerateKey [0xB9EC5CA4]
SSDT spzx.sys ZwEnumerateValueKey [0xB9EC6032]
SSDT BA6EFD92 ZwLoadKey
SSDT spzx.sys ZwOpenKey [0xB9EA70C0]
SSDT BA6EFD60 ZwOpenProcess
SSDT BA6EFD65 ZwOpenThread
SSDT spzx.sys ZwQueryKey [0xB9EC610A]
SSDT spzx.sys ZwQueryValueKey [0xB9EC5F8A]
SSDT BA6EFD9C ZwReplaceKey
SSDT BA6EFD97 ZwRestoreKey
SSDT BA6EFD88 ZwSetValueKey

INT 0x63 ? 8A25EBF8
INT 0x73 ? 8A25EBF8
INT 0xA4 ? 8A25EBF8
INT 0xA4 ? 8A25EBF8
INT 0xA4 ? 8A25EBF8
INT 0xB4 ? 8A513BF8

---- Kernel code sections - GMER 1.0.15 ----

? spzx.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB95C1000, 0x19D612, 0xE8000020]
.text USBPORT.SYS!DllUnload B940F62C 5 Bytes JMP 8A25E1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3184] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 10406373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3376] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] spzx.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] spzx.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] spzx.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] spzx.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] spzx.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB7E9C] spzx.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5121F8
Device \Driver\usbohci \Device\USBPDO-0 8A2E81F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4A21F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A4A21F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A4A21F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A4A21F8
Device \Driver\usbohci \Device\USBPDO-1 8A2E81F8
Device \Driver\usbehci \Device\USBPDO-2 8A2541F8
Device \Driver\usbehci \Device\USBPDO-3 8A2541F8
Device \Driver\usbohci \Device\USBPDO-4 8A2E81F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6E4A6C94-9E48-4DA4-A4DD-E676CAB39729} 893AA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5141F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5141F8
Device \Driver\Cdrom \Device\CdRom0 8A2EB1F8
Device \Driver\usbstor \Device\00000072 8A171500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A5131F8
Device \Driver\atapi \Device\Ide\IdePort0 8A5131F8
Device \Driver\atapi \Device\Ide\IdePort1 8A5131F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A5131F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5141F8
Device \Driver\usbstor \Device\00000075 8A171500
Device \Driver\NetBT \Device\NetBt_Wins_Export 893AA1F8
Device \Driver\NetBT \Device\NetbiosSmb 893AA1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C36CC828-BF07-431F-BD79-8D3C39787E00} 893AA1F8
Device \Driver\usbohci \Device\USBFDO-0 8A2E81F8
Device \Driver\usbohci \Device\USBFDO-1 8A2E81F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 893A51F8
Device \Driver\usbehci \Device\USBFDO-2 8A2541F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 893A51F8
Device \Driver\usbohci \Device\USBFDO-3 8A2E81F8
Device \Driver\usbehci \Device\USBFDO-4 8A2541F8
Device \Driver\Ftdisk \Device\FtControl 8A5141F8
Device \FileSystem\Cdfs \Cdfs 89B25500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7D 0x94 0xD3 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7D 0x94 0xD3 0xED ...

---- EOF - GMER 1.0.15 ----