GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-07-18 13:31:30 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 ST3500320AS rev.SD1A Running: c8utc956.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\uxliyuoc.sys ---- System - GMER 1.0.15 ---- SSDT sppn.sys ZwCreateKey [0xBA6B50E0] SSDT sppn.sys ZwEnumerateKey [0xBA6CDDA4] SSDT sppn.sys ZwEnumerateValueKey [0xBA6CE132] SSDT sppn.sys ZwOpenKey [0xBA6B50C0] SSDT sppn.sys ZwQueryKey [0xBA6CE20A] SSDT sppn.sys ZwQueryValueKey [0xBA6CE08A] SSDT sppn.sys ZwSetValueKey [0xBA6CE29C] INT 0x63 ? 89DE4BF8 INT 0x63 ? 89DE4BF8 INT 0x63 ? 89DE4BF8 INT 0x63 ? 89DE4BF8 INT 0x63 ? 89DE4BF8 INT 0x83 ? 89DE4BF8 INT 0x83 ? 89DE4BF8 INT 0x83 ? 89C39BF8 INT 0x84 ? 89C39BF8 INT 0x94 ? 89C39BF8 INT 0xA4 ? 89C39BF8 INT 0xA4 ? 89C39BF8 INT 0xA4 ? 89C39BF8 INT 0xA4 ? 89C39BF8 INT 0xB4 ? 89C39BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? sppn.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9EAC360, 0x32E00D, 0xE8000020] .text USBPORT.SYS!DllUnload B9E8D62C 5 Bytes JMP 89C391D8 ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[444] USER32.dll!TrackPopupMenu 7E3B526E 5 Bytes JMP 104089D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 00B7859F .text C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6B6042] sppn.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6B613E] sppn.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6B60C0] sppn.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6B6800] sppn.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6B66D6] sppn.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6C5B90] sppn.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89DE31F8 Device \Driver\usbuhci \Device\USBPDO-0 89C38500 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E541F8 Device \Driver\dmio \Device\DmControl\DmConfig 89E541F8 Device \Driver\dmio \Device\DmControl\DmPnP 89E541F8 Device \Driver\dmio \Device\DmControl\DmInfo 89E541F8 Device \Driver\usbuhci \Device\USBPDO-1 89C38500 Device \Driver\usbuhci \Device\USBPDO-2 89C38500 Device \Driver\usbehci \Device\USBPDO-3 89C273D8 Device \Driver\usbuhci \Device\USBPDO-4 89C38500 Device \Driver\usbuhci \Device\USBPDO-5 89C38500 Device \Driver\usbuhci \Device\USBPDO-6 89C38500 Device \Driver\Ftdisk \Device\HarddiskVolume1 89DE51F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{99823368-26FB-454A-8A59-59CDB580A99C} 89AEC500 Device \Driver\usbehci \Device\USBPDO-7 89C273D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89DE51F8 Device \Driver\Cdrom \Device\CdRom0 89B5B1F8 Device \Driver\atapi \Device\Ide\IdePort0 89DE41F8 Device \Driver\atapi \Device\Ide\IdePort1 89DE41F8 Device \Driver\atapi \Device\Ide\IdePort2 89DE41F8 Device \Driver\atapi \Device\Ide\IdePort3 89DE41F8 Device \Driver\atapi \Device\Ide\IdePort4 89DE41F8 Device \Driver\atapi \Device\Ide\IdePort5 89DE41F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 89DE41F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 89DE41F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 89DE51F8 Device \Driver\usbstor \Device\00000076 89B9D500 Device \Driver\NetBT \Device\NetBt_Wins_Export 89AEC500 Device \Driver\usbstor \Device\00000078 89B9D500 Device \Driver\usbstor \Device\00000079 89B9D500 Device \Driver\NetBT \Device\NetbiosSmb 89AEC500 Device \Driver\usbuhci \Device\USBFDO-0 89C38500 Device \Driver\usbstor \Device\0000007a 89B9D500 Device \Driver\usbuhci \Device\USBFDO-1 89C38500 Device \Driver\usbstor \Device\0000007b 89B9D500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89AAE500 Device \Driver\usbuhci \Device\USBFDO-2 89C38500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89AAE500 Device \Driver\usbehci \Device\USBFDO-3 89C273D8 Device \Driver\usbuhci \Device\USBFDO-4 89C38500 Device \Driver\Ftdisk \Device\FtControl 89DE51F8 Device \Driver\usbuhci \Device\USBFDO-5 89C38500 Device \Driver\usbuhci \Device\USBFDO-6 89C38500 Device \Driver\usbehci \Device\USBFDO-7 89C273D8 Device \FileSystem\Cdfs \Cdfs 894841F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0xFD 0x42 0x14 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0xFD 0x42 0x14 ... ---- EOF - GMER 1.0.15 ----