GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-29 12:03:19 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BEVT-22A23T0 rev.01.01A01 232,89GB Running: gmer.exe; Driver: C:\DOCUME~1\dalewa\USTAWI~1\Temp\fwayrpog.sys ---- System - GMER 2.1 ---- SSDT spir.sys ZwCreateKey [0xB9EB50E0] SSDT spir.sys ZwEnumerateKey [0xB9ECDDA4] SSDT spir.sys ZwEnumerateValueKey [0xB9ECE132] SSDT spir.sys ZwOpenKey [0xB9EB50C0] SSDT spir.sys ZwQueryKey [0xB9ECE20A] SSDT spir.sys ZwQueryValueKey [0xB9ECE08A] SSDT spir.sys ZwSetValueKey [0xB9ECE29C] INT 0x62 ? 8AD13BF8 INT 0x63 ? 8AB02BF8 INT 0x73 ? 8AD13BF8 INT 0x73 ? 8AD13BF8 INT 0x73 ? 8AB02BF8 INT 0x73 ? 8AD13BF8 INT 0x82 ? 8AD13BF8 INT 0x94 ? 8AB02BF8 INT 0xA4 ? 8AB02BF8 INT 0xB4 ? 8AB02BF8 ---- Kernel code sections - GMER 2.1 ---- ? spir.sys Nie można odnaleźć określonego pliku. ! ---- Devices - GMER 2.1 ---- Device 8AD111F8 Device Ntfs.sys Device 897CC1F8 Device Fastfat.SYS Device \Driver\usbstor \Device\0000009b 897F6500 AttachedDevice \Driver\Tcpip \Device\Ip netfilter.sys Device \Driver\usbehci \Device\USBPDO-0 8AAE61F8 Device \Driver\usbuhci \Device\USBPDO-1 8AB011F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ADBE1F8 Device \Driver\dmio \Device\DmControl\DmConfig 8ADBE1F8 Device \Driver\dmio \Device\DmControl\DmPnP 8ADBE1F8 Device \Driver\dmio \Device\DmControl\DmInfo 8ADBE1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{5BFFBC88-B700-4183-87D5-D4A6DA85C80C} 898DE1F8 Device \Driver\usbuhci \Device\USBPDO-2 8AB011F8 Device \Driver\usbuhci \Device\USBPDO-3 8AB011F8 Device \Driver\usbuhci \Device\USBPDO-4 8AB011F8 AttachedDevice \Driver\Tcpip \Device\Tcp netfilter.sys Device \Driver\usbehci \Device\USBPDO-5 8AAE61F8 Device \Driver\usbuhci \Device\USBPDO-6 8AB011F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 8ADBF1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E2F92B2C-ECB1-4414-BAF0-8C84B4BAAEB7} 898DE1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8ADBF1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 898DE1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{617439A6-D24D-4C97-9830-E95182471908} 898DE1F8 Device \Driver\NetBT \Device\NetbiosSmb 898DE1F8 AttachedDevice \Driver\Tcpip \Device\Udp netfilter.sys AttachedDevice \Driver\Tcpip \Device\RawIp netfilter.sys Device \Driver\usbuhci \Device\USBFDO-0 8AB011F8 Device \Driver\usbuhci \Device\USBFDO-1 8AB011F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898BE1F8 Device \Driver\usbehci \Device\USBFDO-2 8AAE61F8 Device 898BE1F8 Device \Driver\usbuhci \Device\USBFDO-3 8AB011F8 Device \Driver\usbuhci \Device\USBFDO-4 8AB011F8 Device \Driver\Ftdisk \Device\FtControl 8ADBF1F8 Device \Driver\usbuhci \Device\USBFDO-5 8AB011F8 Device \Driver\usbehci \Device\USBFDO-6 8AAE61F8 Device \Driver\usbstor \Device\0000009a 897F6500 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spir.sys >>UNKNOWN [0x8ad51938]<< 8ad51938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aca6030] 8aca6030 Trace 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8acb5178] 8acb5178 Trace 5 ACPI.sys[b9e73620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac7e940] 8ac7e940 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6F 0xF9 0x16 0x1F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6F 0xF9 0x16 0x1F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x28 0x9E 0xBA 0x1D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x0A 0x92 0x55 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6F 0xF9 0x16 0x1F ... ---- EOF - GMER 2.1 ----