GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-17 13:46:04
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250410AS rev.0006HPM1
Running: 68eqjqii.exe; Driver: C:\Users\aspazja\AppData\Local\Temp\pwliapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!ZwRollbackEnlistment + 140D    824893C9 1 Byte  [06]
.text    ntkrnlpa.exe!KiDispatchInterrupt + 5A2      824C2D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?        System32\Drivers\spyc.sys                   The system cannot find the path specified. !
.text    USBPORT.SYS!DllUnload                       8B31EDB9 5 Bytes  JMP 84F914E0
PAGE     peauth.sys                                  A2760B9B 72 Bytes  [67, E8, 87, A3, B3, A5, BB, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]          [86CA6042] \SystemRoot\System32\Drivers\spyc.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]         [86CA66D6] \SystemRoot\System32\Drivers\spyc.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [86CA6800] \SystemRoot\System32\Drivers\spyc.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]   [86CA613E] \SystemRoot\System32\Drivers\spyc.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                        848091F8
Device          \Driver\volmgr \Device\VolMgrControl                          83F2D1F8
Device          \Driver\usbuhci \Device\USBPDO-0                              85015500
Device          \Driver\ACPI_HAL \Device\00000045                             halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-1                              85015500
Device          \Driver\usbuhci \Device\USBPDO-2                              85015500
Device          \Driver\usbuhci \Device\USBPDO-3                              85015500
Device          \Driver\usbehci \Device\USBPDO-4                              85070500
Device          \Driver\volmgr \Device\HarddiskVolume1                        83F2D1F8
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device          \Driver\volmgr \Device\HarddiskVolume2                        83F2D1F8
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                   83F2F1F8
Device          \Driver\atapi \Device\Ide\IdePort0                            83F2F1F8
Device          \Driver\atapi \Device\Ide\IdePort1                            83F2F1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel0                    83F301F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel1                    83F301F8
Device          \Driver\volmgr \Device\HarddiskVolume3                        83F2D1F8
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBt_Wins_Export                       850B31F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{1FFEC035-1FED-44F0-AAD2-511704ABE95F}  850B31F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{8A66785E-9836-48AB-9746-9722749F95C3}  850B31F8
Device          \Driver\usbuhci \Device\USBFDO-0                              85015500
Device          \Driver\usbuhci \Device\USBFDO-1                              85015500
Device          \Driver\usbuhci \Device\USBFDO-2                              85015500
Device          \Driver\usbuhci \Device\USBFDO-3                              85015500
Device          \Driver\usbehci \Device\USBFDO-4                              85070500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                  771343423
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                  285507792

---- EOF - GMER 1.0.15 ----
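The log above is raw GMER output, so a reader has to triage it by eye: which kernel code lines are byte patches versus JMP detours, which IAT entries resolve outside the module they import from, and whether the driver those entries land in is even readable on disk (the `?` line). The script below is an added example written for this page, not part of GMER or of the original post. It parses the section layout shown above with a few regular expressions (the column alignment is assumed to be whitespace-separated, as in the reconstructed log) and applies a simple triage heuristic: an IAT slot of one driver that resolves into a different module is flagged, and flagged as high when that module is also reported as unreadable. The embedded sample is a re-typed subset of the log lines above; the `Finding` type, the severity labels and the `analyze`/`by_kind` names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample: a subset of the GMER lines shown on this page, re-typed
# here so the script runs offline. Column spacing is loosened to single spaces.
SAMPLE_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-17 13:46:04

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  824893C9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  824C2D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...]
?      System32\Drivers\spyc.sys  The system cannot find the path specified. !
.text  USBPORT.SYS!DllUnload  8B31EDB9 5 Bytes  JMP 84F914E0
PAGE   peauth.sys  A2760B9B 72 Bytes  [67, E8, 87, A3, B3, A5, BB, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [86CA6042] \SystemRoot\System32\Drivers\spyc.sys
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [86CA66D6] \SystemRoot\System32\Drivers\spyc.sys

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1  771343423

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# IAT <image>[<import module>!<function>] [<address>] <module the address resolves to>
IAT_RE = re.compile(r"^IAT\s+([^\s\[]+)\[([^!\]]+)!([^\]]+)\]\s+\[([0-9A-Fa-f]+)\]\s+(\S+)")
# <section> <symbol [+ offset]> <address> <n> Byte(s) <bytes or disassembly>
HOOK_RE = re.compile(r"^(\S+)\s+(\S+(?:\s+\+\s+[0-9A-Fa-f]+)?)\s+([0-9A-Fa-f]{8})\s+(\d+)\s+Bytes?\s*(.*)$")
# ? <path> <error text> [!]   (GMER could not read the module image from disk)
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s*!?\s*$")
REG_RE = re.compile(r"^Reg\s+(\S+)\s+(.*)$")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so 'ataport.SYS' == '...\\ataport.sys'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


@dataclass
class Finding:
    kind: str      # iat-redirect | inline-jmp | code-patch | unreadable-module | registry
    severity: str  # info | medium | high (heuristic labels chosen for this example)
    where: str
    detail: str


def analyze(text: str) -> List[Finding]:
    section = ""
    unreadable: Set[str] = set()
    iat_entries = []
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.startswith("Kernel code sections"):
            m = MISSING_RE.match(line)
            if m:
                unreadable.add(basename(m.group(1)))
                findings.append(Finding("unreadable-module", "medium", m.group(1), m.group(2)))
                continue
            m = HOOK_RE.match(line)
            if m:
                _sect, symbol, addr, nbytes, rest = m.groups()
                if rest.upper().startswith("JMP"):
                    findings.append(Finding("inline-jmp", "medium", symbol, f"{nbytes} bytes at {addr}: {rest}"))
                else:
                    findings.append(Finding("code-patch", "info", symbol, f"{nbytes} bytes at {addr}"))
        elif section.startswith("Kernel IAT"):
            m = IAT_RE.match(line)
            if m:
                iat_entries.append(m.groups())
        elif section.startswith("Registry"):
            m = REG_RE.match(line)
            if m:
                findings.append(Finding("registry", "info", m.group(1), m.group(2)))
    # Second pass: the '?' lines are now all known, so IAT targets can be
    # correlated with modules GMER could not read back from disk.
    for image, import_mod, func, addr, target in iat_entries:
        if basename(target) != basename(import_mod):
            sev = "high" if basename(target) in unreadable else "medium"
            findings.append(Finding("iat-redirect", sev, f"{basename(image)} -> {import_mod}!{func}",
                                    f"resolves to {addr} inside {target}"))
    return findings


def by_kind(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for f in sorted(analyze(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.kind:17} {f.where}  {f.detail}")
```

Run against the sample, the two atapi.sys IAT slots come out as high because they resolve into spyc.sys and the `?` line says that file could not be read; the USBPORT.SYS!DllUnload line is a five-byte JMP detour; the ntkrnlpa.exe and peauth.sys entries are recorded only as byte patches, since the log alone does not say what wrote them.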