GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-25 06:49:37 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 SAMSUNG_HD250HJ rev.FH100-06 Running: b4i44moc.exe; Driver: C:\DOCUME~1\Pc\USTAWI~1\Temp\fxldqpob.sys ---- System - GMER 1.0.15 ---- SSDT spyt.sys ZwCreateKey [0xB9EAB0E0] SSDT spyt.sys ZwEnumerateKey [0xB9EC8CA2] SSDT spyt.sys ZwEnumerateValueKey [0xB9EC9030] SSDT spyt.sys ZwOpenKey [0xB9EAB0C0] SSDT spyt.sys ZwQueryKey [0xB9EC9108] SSDT spyt.sys ZwQueryValueKey [0xB9EC8F88] SSDT spyt.sys ZwSetValueKey [0xB9EC919A] INT 0x73 ? 89B7BBF8 INT 0x83 ? 89DBBBF8 INT 0x83 ? 89DBBBF8 INT 0x83 ? 89B7BBF8 INT 0x83 ? 89DBBBF8 INT 0x84 ? 89B7BBF8 INT 0xA4 ? 89B7BBF8 INT 0xB4 ? 89DBBBF8 INT 0xB4 ? 89DBBBF8 INT 0xB4 ? 89DBBBF8 INT 0xB4 ? 89DBBBF8 INT 0xB4 ? 89B7BBF8 INT 0xB4 ? 89DBBBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spyt.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload B93D68AC 5 Bytes JMP 89B7B1D8 init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA8E74A00] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAC040] spyt.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EAC13C] spyt.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EAC0BE] spyt.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EAC7FC] spyt.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EAC6D2] spyt.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EBBD92] spyt.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89DBA1F8 Device \FileSystem\Fastfat \FatCdrom 89B16500 Device \Driver\usbuhci \Device\USBPDO-0 89B761F8 Device \Driver\usbuhci \Device\USBPDO-1 89B761F8 Device \Driver\usbehci \Device\USBPDO-2 89C211F8 Device \Driver\usbuhci \Device\USBPDO-3 89B761F8 Device \Driver\usbuhci \Device\USBPDO-4 89B761F8 Device \Driver\usbuhci \Device\USBPDO-5 89B761F8 Device \Driver\usbehci \Device\USBPDO-6 89C211F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 89E2A1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89E2A1F8 Device \Driver\Cdrom \Device\CdRom0 89B5B1F8 Device \Driver\atapi \Device\Ide\IdePort0 [B9E24B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E24B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9E24B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9E24B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 [B9E24B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort5 [B9E24B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [B9E24B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 [B9E24B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume3 89E2A1F8 Device \Driver\Ftdisk \Device\HarddiskVolume4 89E2A1F8 Device \Driver\usbuhci \Device\USBFDO-0 89B761F8 Device \Driver\usbuhci \Device\USBFDO-1 89B761F8 Device \Driver\usbehci \Device\USBFDO-2 89C211F8 Device \Driver\usbuhci \Device\USBFDO-3 89B761F8 Device \Driver\Ftdisk \Device\FtControl 89E2A1F8 Device \Driver\usbuhci \Device\USBFDO-4 89B761F8 Device \Driver\usbuhci \Device\USBFDO-5 89B761F8 Device \Driver\usbehci \Device\USBFDO-6 89C211F8 Device \FileSystem\Fastfat \Fat 89B16500 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 898C9500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x25 0x5C 0x6A 0x40 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x25 0x5C 0x6A 0x40 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x25 0x5C 0x6A 0x40 ... ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\$NtUninstallKB29167$\1720522594 0 bytes File C:\WINDOWS\$NtUninstallKB29167$\1720522594\L 0 bytes File C:\WINDOWS\$NtUninstallKB29167$\1720522594\U 0 bytes File C:\WINDOWS\$NtUninstallKB29167$\1856541435 0 bytes ---- EOF - GMER 1.0.15 ----