GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-01-16 00:12:23 Windows 5.1.2600 Dodatek Service Pack. 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC70P Running: gmer.exe; Driver: C:\DOCUME~1\Deaf\USTAWI~1\Temp\kwayrfog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xEE27EE60] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xEE27B820] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xEE286690] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xEE27F1F0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xEE27F2D0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xEE27BEA0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xEE2876A0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xEE2872E0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xEE2879E0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xEE27BCF0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xEE287CD0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xEE27EB00] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xEE287F80] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xEE27C010] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xEE286E67] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + DB 804DE68D 3 Bytes [B8, 27, EE] ? srescan.sys Nie można odnaleźć określonego pliku. ! .text ntoskrnl.exe!_abnormal_termination + DB 804DE68D 3 Bytes [B8, 27, EE] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EE283FD0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EE283E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EE283950] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EE283AC0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EE283AC0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [EE283950] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [EE283FD0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [EE283E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EE283950] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EE283FD0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EE283E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EE283AC0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EE283FD0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EE283E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EE283950] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EE283AC0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EE283950] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EE283E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EE283FD0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EE290FB0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EE283950] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EE283AC0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EE283FD0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EE283E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [EE27C570] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EE27C4C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EE27C670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [EE27C1D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH) Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0xB4 0x99 0x70 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0xB4 0x99 0x70 ... ---- EOF - GMER 1.0.15 ----