GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-14 18:33:03 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST3250310AS rev.3.AAF 232,88GB Running: 8bft2y6w.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kwtdypog.sys ---- System - GMER 2.1 ---- SSDT spkn.sys ZwCreateKey [0xF74E40E0] SSDT spkn.sys ZwEnumerateKey [0xF74FCDA4] SSDT spkn.sys ZwEnumerateValueKey [0xF74FD132] SSDT spkn.sys ZwOpenKey [0xF74E40C0] SSDT spkn.sys ZwQueryKey [0xF74FD20A] SSDT spkn.sys ZwQueryValueKey [0xF74FD08A] SSDT spkn.sys ZwSetValueKey [0xF74FD29C] INT 0x62 ? 8A660BF8 INT 0x63 ? 8A546BF8 INT 0x73 ? 8A660BF8 INT 0x73 ? 8A660BF8 INT 0x73 ? 8A660BF8 INT 0x73 ? 8A660BF8 INT 0x73 ? 8A546BF8 INT 0x73 ? 8A660BF8 INT 0x82 ? 8A660BF8 INT 0x83 ? 8A546BF8 INT 0xA4 ? 8A546BF8 INT 0xB4 ? 8A546BF8 INT 0xB4 ? 8A546BF8 INT 0xB4 ? 8A546BF8 INT 0xB4 ? 8A546BF8 ---- Kernel code sections - GMER 2.1 ---- ? spkn.sys Nie można odnaleźć określonego pliku. ! ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8A65F1F8 Device \FileSystem\Fastfat \FatCdrom 89E1D500 AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys Device \Driver\PCI_PNP7216 \Device\00000050 spkn.sys Device \Driver\PCI_PNP7216 \Device\00000050 spkn.sys Device \Driver\usbuhci \Device\USBPDO-0 8A5BA1F8 Device \Driver\usbuhci \Device\USBPDO-1 8A5BA1F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6CF1F8 Device \Driver\dmio \Device\DmControl\DmConfig 8A6CF1F8 Device \Driver\dmio \Device\DmControl\DmPnP 8A6CF1F8 Device \Driver\dmio \Device\DmControl\DmInfo 8A6CF1F8 Device \Driver\sptd \Device\2953150966 spkn.sys Device \Driver\usbuhci \Device\USBPDO-2 8A5BA1F8 Device \Driver\usbehci \Device\USBPDO-3 8A5AA1F8 Device \Driver\usbehci \Device\USBPDO-4 8A5AA1F8 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys Device \Driver\usbuhci \Device\USBPDO-5 8A5BA1F8 Device \Driver\usbuhci \Device\USBPDO-6 8A5BA1F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6611F8 Device \Driver\usbuhci \Device\USBPDO-7 8A5BA1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6611F8 Device \Driver\Cdrom \Device\CdRom0 8A5A01F8 Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort5 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 8A5A01F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7942FC38-5073-4E75-BD1C-21664F964B68} 89E4F500 Device \Driver\NetBT \Device\NetBt_Wins_Export 89E4F500 Device \Driver\NetBT \Device\NetbiosSmb 89E4F500 Device \Driver\USBSTOR \Device\00000087 89C3F500 Device \Driver\USBSTOR \Device\00000088 89C3F500 AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys Device \Driver\usbuhci \Device\USBFDO-0 8A5BA1F8 Device \Driver\usbuhci \Device\USBFDO-1 8A5BA1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89E451F8 Device \Driver\usbuhci \Device\USBFDO-2 8A5BA1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89E451F8 Device \Driver\usbehci \Device\USBFDO-3 8A5AA1F8 Device \Driver\usbuhci \Device\USBFDO-4 8A5BA1F8 Device \Driver\Ftdisk \Device\FtControl 8A6611F8 Device \Driver\usbuhci \Device\USBFDO-5 8A5BA1F8 Device \Driver\usbuhci \Device\USBFDO-6 8A5BA1F8 Device \Driver\usbehci \Device\USBFDO-7 8A5AA1F8 Device \Driver\a85weguw \Device\Scsi\a85weguw1Port6Path0Target0Lun0 8A4F81F8 Device \Driver\a85weguw \Device\Scsi\a85weguw1 8A4F81F8 Device \FileSystem\Fastfat \Fat 89E1D500 Device \FileSystem\Cdfs \Cdfs 89E14500 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkn.sys >>UNKNOWN [0x8a680938]<< 8a680938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5dcab8] 8a5dcab8 Trace 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a5df9e8] 8a5df9e8 Trace 5 ACPI.sys[f74a2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-16[0x8a587940] 8a587940 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\Obrazy p?yt\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0x43 0x82 0x52 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0x70 0xEF 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x15 0x78 0x81 0x3D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7A 0xCD 0xCD 0x9D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\Obrazy p?yt\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0x43 0x82 0x52 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0x70 0xEF 0xF3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x15 0x78 0x81 0x3D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7A 0xCD 0xCD 0x9D ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION FD09C224B11E692E2197CAA8AB057583FD21B13205111B83B7848CE69171468227CD7D1C2B172B3EE9814516680D47EF497E285D24DAAC6062FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D8EDD5E5BE2F6E667A9C6AECB7A5D1407BDE2291C060217577809FCF8D954028CC12CE73057566CD49D07F8EB7A9B078570B9559BC0C19FA1E3AD917D1147BB8FCC548F74AAA34D13B21DEEB1B2315FA156D41532496DE905D4463BFC2C05A9C5D62F9245F32F89F0CA01F6CDD2DA1FA4B67E3122F12832741617CA2153BCDC98481E6CD14AD52E6B1053D311033F6ABD1EB1D883158756F53497F6652F8F0C0251B87B1C4968699272E42FA3ECFE8BB2DC1D9AC30E15D6A400F3DB9C6C161211634585F80EA9918AA4BC947F43276F5D07A4ECA0BE505BAD0F8D75E83EDAEE6AB3453013BBD11C8C1E1674F2B6BFA6AA745F2B2E0CA92D53B9F8A8C4D95D4543BD6687E6F80E27E31A5D23A10040651BC11A1055DC87B9EB1EFEB9FB78105B69BE11FA47F07DF171973859835B1785C54FD1BE501FC412E29C9A543158D99CB9395DDED951335FA8597A33E008A383D140BD3C31C2AEED355B7E86D63A161829F29868984D397813E630B15949BB00FDFCC17159BD07A676C20DC138641400BE7645B3D09C896 ---- EOF - GMER 2.1 ----