GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-12-31 11:35:58 Windows 5.1.2600 Dodatek Service Pack. 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP2504C rev.VT100-50 Running: jlep3xxv.exe; Driver: C:\DOCUME~1\Misiek\USTAWI~1\Temp\pxtdrpow.sys ---- System - GMER 1.0.15 ---- SSDT sphl.sys ZwCreateKey [0xF77500E0] SSDT sphl.sys ZwEnumerateKey [0xF7768DA4] SSDT sphl.sys ZwEnumerateValueKey [0xF7769132] SSDT sphl.sys ZwOpenKey [0xF77500C0] SSDT sphl.sys ZwQueryKey [0xF776920A] SSDT sphl.sys ZwQueryValueKey [0xF776908A] SSDT sphl.sys ZwSetValueKey [0xF776929C] INT 0x62 ? 86771BF8 INT 0x73 ? 86771BF8 INT 0x73 ? 86771BF8 INT 0x73 ? 86771BF8 INT 0x82 ? 86771BF8 INT 0xB4 ? 86568BF8 INT 0xB4 ? 86568BF8 INT 0xB4 ? 86568BF8 INT 0xB4 ? 86568BF8 INT 0xB4 ? 86568BF8 INT 0xB4 ? 86568BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? sphl.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF64F03A0, 0x5A0025, 0xE8000020] .text USBPORT.SYS!DllUnload F64B2F88 5 Bytes JMP 865681D8 pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xB8010F00, 0x24000, 0x48000000] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[208] ntdll.dll!LdrLoadDll 77F55669 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 867E32D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F777BDDC] sphl.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F777BE30] sphl.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7751042] sphl.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F775113E] sphl.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F77510C0] sphl.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7751800] sphl.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F77516D6] sphl.sys IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[NTOSKRNL.EXE!DbgBreakPoint] 865682D8 IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7760B90] sphl.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 867701F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{286E543E-5B53-4C9E-AA09-C18CA55A25AC} 85FAF1F8 Device \Driver\usbuhci \Device\USBPDO-0 864A71F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 867E11F8 Device \Driver\dmio \Device\DmControl\DmConfig 867E11F8 Device \Driver\dmio \Device\DmControl\DmPnP 867E11F8 Device \Driver\dmio \Device\DmControl\DmInfo 867E11F8 Device \Driver\usbuhci \Device\USBPDO-1 864A71F8 Device \Driver\usbuhci \Device\USBPDO-2 864A71F8 Device \Driver\usbuhci \Device\USBPDO-3 864A71F8 Device \Driver\usbehci \Device\USBPDO-4 865501F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 867721F8 Device \Driver\Cdrom \Device\CdRom0 8656A318 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F76BD510] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F76BD510] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F76BD510] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [F76BD510] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [F76BD510] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [F76BD510] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\usbstor \Device\00000069 861FF500 Device \Driver\NetBT \Device\NetBt_Wins_Export 85FAF1F8 Device \Driver\NetBT \Device\NetbiosSmb 85FAF1F8 Device \Driver\usbstor \Device\0000006a 861FF500 Device \Driver\usbstor \Device\0000006b 861FF500 Device \Driver\usbstor \Device\0000006c 861FF500 Device \Driver\usbuhci \Device\USBFDO-0 864A71F8 Device \Driver\usbstor \Device\0000006d 861FF500 Device \Driver\usbuhci \Device\USBFDO-1 864A71F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85FA91F8 Device \Driver\usbuhci \Device\USBFDO-2 864A71F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 85FA91F8 Device \Driver\usbuhci \Device\USBFDO-3 864A71F8 Device \Driver\usbehci \Device\USBFDO-4 865501F8 Device \Driver\Ftdisk \Device\FtControl 867721F8 Device \FileSystem\Cdfs \Cdfs 8641F1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x90 0x11 0x83 0xF8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4F 0xC3 0x95 0xB6 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... ---- EOF - GMER 1.0.15 ----