GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-08 19:45:48 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHZ2320BH_G2 rev.8909 298,09GB Running: jkll9m9f.exe; Driver: C:\DOCUME~1\pdejko\USTAWI~1\Temp\kwlyraog.sys ---- System - GMER 2.1 ---- SSDT \??\C:\windows\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA7D5E75C] INT 0x62 ? 8ABBCCC8 INT 0x74 ? 8A84FCC8 INT 0x82 ? 8ABBCCC8 INT 0x83 ? 8A84FCC8 INT 0x84 ? 8A84FCC8 INT 0x94 ? 8A84FCC8 INT 0xA4 ? 8A84FCC8 INT 0xB4 ? 8A84FCC8 ---- Kernel code sections - GMER 2.1 ---- .sptd1 C:\windows\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF75BC346] .text C:\windows\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8EB2000, 0x273B67, 0xE8000020] ? C:\windows\System32\Drivers\arpuiqy4.SYS suspicious PE modification ? C:\windows\system32\Drivers\uphcleanhlp.sys Nie można odnaleźć określonego pliku. ! ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8ABBB1F8 Device \Driver\usbuhci \Device\USBPDO-0 8A94C1F8 Device \Driver\PCI_PNP9612 \Device\00000051 sptd.sys Device \Driver\PCI_PNP9612 \Device\00000051 sptd.sys Device \Driver\usbuhci \Device\USBPDO-1 8A94C1F8 Device \Driver\usbuhci \Device\USBPDO-2 8A94C1F8 Device \Driver\usbehci \Device\USBPDO-3 8A93D430 Device \Driver\usbehci \Device\USBPDO-4 8A93D430 Device \Driver\usbuhci \Device\USBPDO-5 8A94C1F8 Device \Driver\usbuhci \Device\USBPDO-6 8A94C1F8 Device \Driver\usbuhci \Device\USBPDO-7 8A94C1F8 Device \Driver\Cdrom \Device\CdRom0 8A9731F8 Device \Driver\atapi \Device\Ide\IdePort0 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 8A072430 Device \Driver\NetBT \Device\NetbiosSmb 8A072430 Device \Driver\usbuhci \Device\USBFDO-0 8A94C1F8 Device \Driver\usbuhci \Device\USBFDO-1 8A94C1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1C71F8 Device \Driver\usbuhci \Device\USBFDO-2 8A94C1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8BC35083-B55F-4044-B183-AA49DD6AB265} 8A072430 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1C71F8 Device \Driver\usbehci \Device\USBFDO-3 8A93D430 Device \Driver\usbuhci \Device\USBFDO-4 8A94C1F8 Device \Driver\usbuhci \Device\USBFDO-5 8A94C1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{3D729D08-513C-4003-8D7B-73253E4F2731} 8A072430 Device \Driver\usbuhci \Device\USBFDO-6 8A94C1F8 Device \Driver\usbehci \Device\USBFDO-7 8A93D430 Device \Driver\arpuiqy4 \Device\Scsi\arpuiqy41Port2Path0Target0Lun0 8A970430 Device \Driver\arpuiqy4 \Device\Scsi\arpuiqy41 8A970430 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xE3 0x70 0x89 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0xB6 0x62 0x99 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB6 0x4E 0x7F 0x18 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xE3 0x70 0x89 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0xB6 0x62 0x99 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB6 0x4E 0x7F 0x18 ... ---- EOF - GMER 2.1 ----