GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-27 14:04:46
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250410AS rev.3.AAF 232,89GB
Running: ih7cup48.exe; Driver: C:\DOCUME~1\Klient\USTAWI~1\Temp\kgwyifog.sys

---- System - GMER 2.1 ----

SSDT d347bus.sys ZwClose [0xB7E83818]
SSDT d347bus.sys ZwCreateKey [0xB7E837D0]
SSDT d347bus.sys ZwCreatePagingFile [0xB7E77A20]
SSDT d347bus.sys ZwEnumerateKey [0xB7E782A8]
SSDT d347bus.sys ZwEnumerateValueKey [0xB7E83910]
SSDT d347bus.sys ZwOpenKey [0xB7E83794]
SSDT d347bus.sys ZwQueryKey [0xB7E782C8]
SSDT d347bus.sys ZwQueryValueKey [0xB7E83866]
SSDT d347bus.sys ZwSetSystemPowerState [0xB7E830B0]
SSDT spig.sys ZwSetValueKey [0xB7ECE29C]

INT 0x63 ? 89A84BF8
INT 0x73 ? 89DE4BF8
INT 0x73 ? 89DE4BF8
INT 0x73 ? 89DE4BF8
INT 0x73 ? 89DE4BF8
INT 0x73 ? 89A84BF8
INT 0x73 ? 89DE4BF8
INT 0x83 ? 89DE6F00
INT 0x83 ? 89A84BF8
INT 0x83 ? 89DE6F00
INT 0x94 ? 89A84BF8
INT 0xB4 ? 89A84BF8

---- Kernel code sections - GMER 2.1 ----

? spig.sys Nie można odnaleźć określonego pliku. !
? System nie może odnaleźć określonej ścieżki. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB69A9380, 0x566445, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB3ECCA00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Winamp Remote\bin\OrbTray.exe[792] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 5 Bytes JMP 00413C70 C:\Program Files\Winamp Remote\bin\OrbTray.exe
.text C:\WINDOWS\Explorer.EXE[1688] SHELL32.dll!StrStrW 7C9CEF18 8 Bytes [80, 11, 60, 19, C0, 11, 60, ...] {ADC BYTE [ECX], 0x60; SBB EAX, EAX; ADC [EAX+0x19], ESP}

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 89DE21F8
AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs 8979A250
Device \FileSystem\Fastfat \FatCdrom 899B11F8
Device \FileSystem\Fastfat \FatCdrom 88308E78
Device \FileSystem\InCDfs \InCDFsDisk 89E46298
Device \Driver\sptd \Device\1556159006 spig.sys
Device \Driver\usbuhci \Device\USBPDO-0 89A831F8
Device \Driver\usbuhci \Device\USBPDO-1 89A831F8
Device \Driver\usbehci \Device\USBPDO-2 89A821F8
Device \Driver\usbuhci \Device\USBPDO-3 89A831F8
Device \Driver\usbuhci \Device\USBPDO-4 89A831F8
Device \Driver\usbuhci \Device\USBPDO-5 89A831F8
Device \Driver\usbehci \Device\USBPDO-6 89A821F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89E561F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E561F8
Device \Driver\Cdrom \Device\CdRom0 899732C8
Device \FileSystem\Rdbss \Device\FsWrap 89D6C700
Device \Driver\Cdrom \Device\CdRom1 899732C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89969300
Device \Driver\atapi \Device\Ide\IdePort0 89969300
Device \Driver\atapi \Device\Ide\IdePort1 89969300
Device \Driver\atapi \Device\Ide\IdePort2 89969300
Device \Driver\atapi \Device\Ide\IdePort3 89969300
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 89969300
Device \Driver\Ftdisk \Device\HarddiskVolume3 89E561F8
Device \Driver\USBSTOR \Device\00000073 89A8F1F8
Device \Driver\Cdrom \Device\CdRom2 899732C8
Device \Driver\USBSTOR \Device\00000074 89A8F1F8
Device \Driver\USBSTOR \Device\00000075 89A8F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{567D3F5B-67F1-406D-93A6-42CB417E3255} 899C2500
Device \Driver\USBSTOR \Device\00000076 89A8F1F8
Device \Driver\USBSTOR \Device\00000077 89A8F1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 899C2500
Device \Driver\PCI_PNP2756 \Device\0000003f spig.sys
Device \FileSystem\InCDfs \Device\InCDfsComm 89E46298
Device \Driver\NetBT \Device\NetbiosSmb 899C2500
Device \FileSystem\Srv \Device\LanmanServer 899BCAE0
Device \Driver\usbuhci \Device\USBFDO-0 89A831F8
Device \Driver\usbuhci \Device\USBFDO-1 89A831F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899D2500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 897AD778
Device \Driver\usbehci \Device\USBFDO-2 89A821F8
Device \Driver\usbuhci \Device\USBFDO-3 89A831F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 899D2500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 897AD778
Device \FileSystem\Npfs \Device\NamedPipe 897EC718
Device \Driver\Ftdisk \Device\FtControl 89E561F8
Device \Driver\usbuhci \Device\USBFDO-4 89A831F8
Device \FileSystem\Msfs \Device\Mailslot 897A6030
Device \Driver\usbuhci \Device\USBFDO-5 89A831F8
Device \Driver\usbehci \Device\USBFDO-6 89A821F8
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target0Lun0 89949820
Device \Driver\ahqh8nel \Device\Scsi\ahqh8nel1 897A4008
Device \Driver\ahqh8nel \Device\Scsi\ahqh8nel1Port6Path0Target0Lun0 897A4008
Device \Driver\JRAID \Device\Scsi\JRAID1 89E551F8
Device \Driver\d347prt \Device\Scsi\d347prt1 89949820
Device \FileSystem\Fastfat \Fat 899B11F8
Device \FileSystem\Fastfat \Fat 88308E78
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS
AttachedDevice \FileSystem\Fastfat \Fat 8979A250
Device \FileSystem\InCDfs \GLOBAL??\BsUDF 89E46298
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 897A5BE8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 897A5BE8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 897A5BE8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 897A5BE8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 897A5BE8
Device \FileSystem\Cdfs \Cdfs 89AEF1F8
Device \FileSystem\Cdfs \Cdfs 89E41DC8

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89969300]<< 89969300
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d7aab8] 89d7aab8
Trace 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000068[0x89e42f18] 89e42f18
Trace 5 ACPI.sys[b7e4d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d82940] 89d82940
Trace \Driver\atapi[0x89e41f38] -> IRP_MJ_CREATE -> 0x89969300 89969300

---- Modules - GMER 2.1 ----

Module _________ (FILE NOT FOUND) B7DFF000-B7E17000 (98304 bytes)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x86 0x56 0x96 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0xF6 0xD7 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0xD2 0xB4 0x23 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x86 0x56 0x96 0x90 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0xF6 0xD7 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0xD2 0xB4 0x23 ...
---- Files - GMER 2.1 ----

File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\familyhome.html 21223 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\familyhomepagetxt.jpg 9640 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\familyhometxt.jpg 9490 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\familymemberstxt.jpg 8600 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\familymembertxt.jpg 9273 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\familymemberX.html 12392 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\familyphotoalbumtxt.jpg 9780 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\house.html 12995 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\logo.jpg 24817 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\personalstatstxt.jpg 8543 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\scrapbookX.html 17045 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\LotTemplates\scrapbook_popupX.html 5735 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\addressback.jpg 14154 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\addressback_next_a.jpg 5514 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\addressback_next_b.jpg 5527 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\addressback_prev_a.jpg 5538 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\addressback_prev_b.jpg 5520 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\addressbottom.jpg 5986 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\addressside.jpg 4939 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\bar.jpg 0 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\border.gif 807 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\border.jpg 4753 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\border54.gif 821 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\divider.jpg 5251 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\family_b.jpg 6384 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\house_b.jpg 6387 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\photo_b.jpg 6493 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\sbbottom.jpg 7146 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\English UK\NeighborhoodGFX\yellowback.jpg 5393 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\addressbooktxt.jpg 9818 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane 0 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\addressbooktxt.jpg 9818 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\bar.jpg 5152 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\bar2.jpg 5111 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\border.bmp 60 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\border.gif 807 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\border39.bmp 212 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\border39.gif 819 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\bottom.gif 869 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\familyhome.html 21223 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\familyhomepagetxt.jpg 9640 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\familyhometxt.jpg 9295 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\familymemberstxt.jpg 8406 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\familymembertxt.jpg 9111 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\familymemberX.html 12392 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\familyphotoalbumtxt.jpg 9656 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\family_b.jpg 6384 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\family_c.jpg 6986 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\house.html 12995 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\housefloor1off.jpg 5948 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\housefloor1on.jpg 5941 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\housefloor2dis.jpg 5689 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\housefloor2off.jpg 6130 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\housefloor2on.jpg 6066 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\houseroofoff.jpg 6595 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\houseroofon.jpg 6597 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\house_a.jpg 7011 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\house_b.jpg 6387 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\house_c.jpg 6904 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\leftarrowdown.gif 920 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\leftarrowup.gif 927 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\logo.jpg 24815 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\nh5.jpg 14617 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\onepixel.gif 43 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\personalstatstxt.jpg 8397 bytes
File C:\Program Files\Maxis\The Sims\UserData\Web Templates\Finnish\0_Sim_Lane\photo_a.jpg 0 bytes

---- EOF - GMER 2.1 ----