GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-25 18:56:11 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HM500JI rev.2AC101C4 465,76GB Running: ct6ehf5p.exe; Driver: C:\DOCUME~1\Borowicz\USTAWI~1\Temp\pxtdapod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\PSINReg.sys ZwCreateKey [0xA83F96AE] SSDT \SystemRoot\system32\DRIVERS\PSINReg.sys ZwOpenKey [0xA83F9592] SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys ZwTerminateProcess [0xA84157CC] INT 0x62 ? 8AA3ECB8 INT 0x73 ? 8AA3ECB8 INT 0x84 ? 8A9F9CB8 INT 0x94 ? 8A9F9CB8 INT 0x94 ? 8A9F9CB8 INT 0x94 ? 8A9F9CB8 INT 0xA4 ? 8A9F9CB8 INT 0xA4 ? 8A9F9CB8 INT 0xA4 ? 8A9F9CB8 INT 0xA4 ? 8A9F9CB8 ---- Kernel code sections - GMER 2.1 ---- ? 33333970.sys Nie można odnaleźć określonego pliku. ! .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9F4AB2E] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B99 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1CD C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 406146FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] ole32.dll!CoCreateInstance 774EF1D4 5 Bytes JMP 406ADC80 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2092] ole32.dll!OleLoadFromStream 7751988B 5 Bytes JMP 407A7CFF C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8A9F81E8 AttachedDevice \Driver\Tcpip \Device\Ip {b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys AttachedDevice \Driver\Tcpip \Device\Ip NNSPihs.sys Device \FileSystem\81548713 \Device\KLMD22012015_02100401_B 33333970.sys Device \Driver\usbuhci \Device\USBPDO-0 8A5FD430 Device \Driver\usbuhci \Device\USBPDO-1 8A5FD430 Device \Driver\usbehci \Device\USBPDO-2 8A5F3430 Device \Driver\usbehci \Device\USBPDO-3 8A5F3430 Device \Driver\usbuhci \Device\USBPDO-4 8A5FD430 AttachedDevice \Driver\Tcpip \Device\Tcp {b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys AttachedDevice \Driver\Tcpip \Device\Tcp NNSPihs.sys Device \Driver\usbuhci \Device\USBPDO-5 8A5FD430 Device \Driver\usbuhci \Device\USBPDO-6 8A5FD430 Device \Driver\Cdrom \Device\CdRom0 8A7D62C8 Device \Driver\atapi \Device\Ide\IdePort0 [B9DE5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DE5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9DE5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9DE5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\00001744 \Device\KLMD22012015_02100401 33333970.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 8A6B4430 Device \Driver\NetBT \Device\NetbiosSmb 8A6B4430 AttachedDevice \Driver\Tcpip \Device\Udp {b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys AttachedDevice \Driver\Tcpip \Device\Udp NNSPihs.sys AttachedDevice \Driver\Tcpip \Device\RawIp NNSPihs.sys AttachedDevice \Driver\Tcpip \Device\RawIp {b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys Device \Driver\usbuhci \Device\USBFDO-0 8A5FD430 Device \Driver\usbuhci \Device\USBFDO-1 8A5FD430 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A8A4430 Device \Driver\usbehci \Device\USBFDO-2 8A5F3430 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A8A4430 Device \Driver\usbuhci \Device\USBFDO-3 8A5FD430 Device \Driver\usbuhci \Device\USBFDO-4 8A5FD430 Device \Driver\usbuhci \Device\USBFDO-5 8A5FD430 Device \Driver\usbehci \Device\USBFDO-6 8A5F3430 Device \Driver\NetBT \Device\NetBT_Tcpip_{26DA6D8D-2735-43AA-9301-779D19FF1443} 8A6B4430 Device \FileSystem\Cdfs \Cdfs 8A660430 ---- EOF - GMER 2.1 ----