GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-04 12:18:44 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e Hitachi_HTS543225L9A300 rev.FBEOC40C 232,89GB Running: 1zsthmjn.exe; Driver: C:\DOCUME~1\kUlka\USTAWI~1\Temp\uxddqpog.sys ---- System - GMER 2.1 ---- SSDT sptd.sys ZwCreateKey [0xF72B3FA0] SSDT sptd.sys ZwEnumerateKey [0xF72E7698] SSDT sptd.sys ZwEnumerateValueKey [0xF72E7A26] SSDT sptd.sys ZwOpenKey [0xF72B3F80] SSDT sptd.sys ZwQueryKey [0xF72E7AFE] SSDT sptd.sys ZwQueryValueKey [0xF72E797E] SSDT sptd.sys ZwSetValueKey [0xF72E7B90] INT 0x62 ? 8AFF3CB8 INT 0x63 ? 8A4A6CB8 INT 0x83 ? 8AFF3CB8 INT 0x94 ? 8A4A6CB8 INT 0xA4 ? 8A4A6CB8 ---- Kernel code sections - GMER 2.1 ---- ? sptd.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6630000, 0x218FD7, 0xE8000020] ? \Program Files\DAEMON Tools Lite\Engine.dll System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\program files\real\realplayer\update\realsched.exe[1144] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Mozilla Firefox\firefox.exe[3404] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0172B780 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3404] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01F66EFD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3404] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01F66EDA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3404] kernel32.dll!ValidateLocale + B138 7C844930 7 Bytes JMP 01730836 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3404] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01F66E5B C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8B0211E8 AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys Device \Driver\usbohci \Device\USBPDO-0 8A52A1E8 Device \Driver\usbohci \Device\USBPDO-1 8A52A1E8 Device \Driver\usbehci \Device\USBPDO-2 8A49A1E8 Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys Device \Driver\Cdrom \Device\CdRom0 8A4AF1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 [F71E2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F71E2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F71E2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [F71E2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [F71E2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-e [F71E2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBT_Tcpip_{13BA1503-9107-4BFF-B955-28B862C2DFAA} 8A1C5430 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1C5430 Device \Driver\NetBT \Device\NetbiosSmb 8A1C5430 Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys Device \Driver\usbohci \Device\USBFDO-0 8A52A1E8 Device \Driver\usbohci \Device\USBFDO-1 8A52A1E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4041E8 Device \Driver\Tcpip \Device\IPMULTICAST GDTdiIcpt.sys Device \Driver\usbehci \Device\USBFDO-2 8A49A1E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4041E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{5A36330D-4D5C-4A96-BC74-6F9A50349E76} 8A1C5430 Device \FileSystem\Cdfs \Cdfs 8A2ED430 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xE7 0x3F 0x9B ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x27 0x26 0xDE 0x93 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA8 0xB1 0x67 0xBE ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) ---- EOF - GMER 2.1 ----