GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-20 23:39:40 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c SAMSUNG_HD502HI rev.1AG01118 465,76GB Running: gmer.exe; Driver: T:\TEMP\ugtdypow.sys ---- System - GMER 2.1 ---- SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys ZwCreateKey [0xB815B948] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys ZwDeleteKey [0xB815BC9C] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys ZwDeleteValueKey [0xB815BCDC] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys ZwOpenKey [0xB815BAEE] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys ZwOpenProcess [0xB815A55E] SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys ZwSetValueKey [0xB815BC40] ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73063C0, 0x74AA7A, 0xE8000020] init C:\WINDOWS\system32\drivers\mpfilt.sys entry point in "init" section [0xB85CE2A0] ---- Devices - GMER 2.1 ---- Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys Device \Driver\Tcpip \Device\IPMULTICAST GDTdiIcpt.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Control\Video\{234F9AB0-86E6-407A-8C70-72531012EB21}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{6C1792B3-2FAA-4FD8-8DFE-4C279EC6F2F3}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{234F9AB0-86E6-407A-8C70-72531012EB21}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{6C1792B3-2FAA-4FD8-8DFE-4C279EC6F2F3}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@FriendlyName Windows Media Files Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@ComponentGUID {077ACEC7-979C-40AB-9835-435BA1511E0D} Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@Version 655360 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@Sub-Version 3802 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\mppre10.cat Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@FriendlyName Windows Media Files Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@ComponentGUID {30C7234B-6482-4A55-A11D-ECD9030313F2} Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@Version 655360 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@Sub-Version 3802 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDM10.inf Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\wmdm10.cat Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@FriendlyName Windows Media Files Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@ComponentGUID {981FB688-E76B-4246-987B-92083185B90A} Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@Version 655360 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@Sub-Version 3802 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\WPD10.inf Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd10.cat Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@FriendlyName Windows Media Files Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@ComponentGUID {A47B3654-48EE-48A5-B629-97D70175E58F} Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@Version 655360 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@Sub-Version 3802 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.inf Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.cat Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@FriendlyName Windows Media Files Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@ComponentGUID {AAC1D942-0B38-4E37-9E4E-5B96A9DD2170} Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@Version 655360 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@Sub-Version 3802 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMFSDK10.inf Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmfsdk10.cat Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@FriendlyName Windows Media Files Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@ComponentGUID {C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77} Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@Version 655360 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@Sub-Version 3802 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\DRM10.inf Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drm10.cat Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage@DeviceInterface {53F5630D-B6BF-11D0-94F2-00A0C91EFB8B} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players@DeviceInterface {F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players@FilterParameter UseExtendedWmdm Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE@DeviceInterface {25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE RNDIS Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE RNDIS@DeviceInterface {ad498944-762f-11d0-8dcb-00c04fc3358c} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Zune Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Zune@DeviceInterface {CA3D7387-F67B-11DA-BBEC-8000600FE800} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Zune@FilterParameter UseExtendedWmdm Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\ZuneIp Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\ZuneIp@DeviceInterface {DF400EBC-C2FB-4cbb-9F59-BB1CD22BBEDF} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\ZuneIp@FilterParameter UseExtendedWmdm Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice@DeviceInterface {25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice@WMDMSPCLSID {067B4B81-B1EC-489f-B111-940EBDC44EBE} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDeviceRNDIS Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDeviceRNDIS@DeviceInterface {ad498944-762f-11d0-8dcb-00c04fc3358c} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDeviceRNDIS@WMDMSPCLSID {067B4B81-B1EC-489f-B111-940EBDC44EBE} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\ZuneDevice Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\ZuneDevice@DeviceInterface {CA3D7387-F67B-11DA-BBEC-8000600FE800} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\ZuneDevice@WMDMSPCLSID {63DF72F9-C6BD-40B2-9590-6CD8D468C9D7} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\ZuneDeviceIp Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\ZuneDeviceIp@DeviceInterface {DF400EBC-C2FB-4cbb-9F59-BB1CD22BBEDF} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\ZuneDeviceIp@WMDMSPCLSID {63DF72F9-C6BD-40B2-9590-6CD8D468C9D7} Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS@ProgID MsScp.SCPTRANS.1 ---- EOF - GMER 2.1 ----