GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-04 13:04:20
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST31000528AS rev.CC35
Running: qyuwmesx.exe; Driver: C:\DOCUME~1\ANTO~1\USTAWI~1\Temp\agrdrpog.sys

---- System - GMER 1.0.15 ----

SSDT spim.sys ZwCreateKey [0xB7EA70E0]
SSDT spim.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spim.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT spim.sys ZwOpenKey [0xB7EA70C0]
SSDT spim.sys ZwQueryKey [0xB7EC610A]
SSDT spim.sys ZwQueryValueKey [0xB7EC5F8A]
SSDT spim.sys ZwSetValueKey [0xB7EC619C]

INT 0x62 ? 8A699BF8
INT 0x63 ? 8A50DBF8
INT 0x82 ? 8A699BF8
INT 0x83 ? 8A50DBF8
INT 0xB4 ? 8A50DBF8

---- Kernel code sections - GMER 1.0.15 ----

? spim.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6C37360, 0x3D46A5, 0xE8000020]
.text USBPORT.SYS!DllUnload B6BD58AC 5 Bytes JMP 8A50D1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2540] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 326054C1 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2540] ole32.dll!OleLoadFromStream 7751981B 5 Bytes JMP 330BD62A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3960] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1040C35B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spim.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spim.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spim.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spim.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spim.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spim.sys

---- Devices - GMER 1.0.15 ----

Device 8A6981F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8A2F6500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 8A50C1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A70A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A70A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A70A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A70A1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A50C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A50C1F8
Device \Driver\usbuhci \Device\USBPDO-3 8A50C1F8
Device \Driver\usbehci \Device\USBPDO-4 8A4D31F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A69A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A69A1F8
Device \Driver\Cdrom \Device\CdRom0 8A4B51F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A69A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A69A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8A69A1F8
Device \Driver\USBSTOR \Device\00000069 89F38500
Device \Driver\NetBT \Device\NetBt_Wins_Export 89FAC500
Device \Driver\NetBT \Device\NetbiosSmb 89FAC500
Device \Driver\NetBT \Device\NetBT_Tcpip_{EFB84284-4821-4E87-A632-9CBE73AA059C} 89FAC500
Device \Driver\USBSTOR \Device\0000006b 89F38500
Device \Driver\USBSTOR \Device\0000006c 89F38500
Device \Driver\usbuhci \Device\USBFDO-0 8A50C1F8
Device \Driver\USBSTOR \Device\0000006d 89F38500
Device \Driver\usbuhci \Device\USBFDO-1 8A50C1F8
Device \Driver\USBSTOR \Device\0000006e 89F38500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89FAE500
Device \Driver\usbuhci \Device\USBFDO-2 8A50C1F8
Device 89FAE500
Device \Driver\usbuhci \Device\USBFDO-3 8A50C1F8
Device \Driver\usbehci \Device\USBFDO-4 8A4D31F8
Device \Driver\Ftdisk \Device\FtControl 8A69A1F8
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.15 ----