GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-17 20:05:22 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340015A rev.3.01 Running: 46clfcvl.exe; Driver: C:\DOCUME~1\Woliccy\USTAWI~1\Temp\kwadqfog.sys ---- System - GMER 1.0.15 ---- SSDT spzj.sys ZwCreateKey [0xF7D670E0] SSDT spzj.sys ZwEnumerateKey [0xF7D7FDA4] SSDT spzj.sys ZwEnumerateValueKey [0xF7D80132] SSDT spzj.sys ZwOpenKey [0xF7D670C0] SSDT spzj.sys ZwQueryKey [0xF7D8020A] SSDT spzj.sys ZwQueryValueKey [0xF7D8008A] SSDT spzj.sys ZwSetValueKey [0xF7D8029C] INT 0x62 ? 82BDDBF8 INT 0x63 ? 82A63BF8 INT 0x63 ? 82A63BF8 INT 0x63 ? 82A63BF8 INT 0x63 ? 82A63BF8 INT 0x63 ? 82A63BF8 INT 0x63 ? 82A63BF8 INT 0x82 ? 82BDDBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spzj.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload F735B8AC 5 Bytes JMP 82A631D8 ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011D0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01407B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01407B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 011D3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 0132B77F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01407AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82B722D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7D92DDC] spzj.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7D92E30] spzj.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7D68042] spzj.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7D6813E] spzj.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7D680C0] spzj.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7D68800] spzj.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7D686D6] spzj.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82A632D8 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7D77B90] spzj.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 82BDC1F8 Device \Driver\usbuhci \Device\USBPDO-0 82A231F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{D62A2794-30E4-42F3-A020-FF246AF3040E} 828791F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 82B701F8 Device \Driver\dmio \Device\DmControl\DmConfig 82B701F8 Device \Driver\dmio \Device\DmControl\DmPnP 82B701F8 Device \Driver\dmio \Device\DmControl\DmInfo 82B701F8 Device \Driver\usbuhci \Device\USBPDO-1 82A231F8 Device \Driver\usbuhci \Device\USBPDO-2 82A231F8 Device \Driver\usbuhci \Device\USBPDO-3 82A231F8 Device \Driver\usbehci \Device\USBPDO-4 829F61F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 82BDE1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 82BDE1F8 Device \Driver\Cdrom \Device\CdRom0 82A391F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7CBAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F7CBAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7CBAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7CBAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 828791F8 Device \Driver\NetBT \Device\NetbiosSmb 828791F8 Device \Driver\usbuhci \Device\USBFDO-0 82A231F8 Device \Driver\usbuhci \Device\USBFDO-1 82A231F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 828591F8 Device \Driver\usbuhci \Device\USBFDO-2 82A231F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 828591F8 Device \Driver\usbuhci \Device\USBFDO-3 82A231F8 Device \Driver\usbehci \Device\USBFDO-4 829F61F8 Device \Driver\Ftdisk \Device\FtControl 82BDE1F8 Device \FileSystem\Cdfs \Cdfs 828301F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x99 0x9A 0xED 0x4F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x99 0x9A 0xED 0x4F ... ---- EOF - GMER 1.0.15 ----