GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-09 21:11:25 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM060HI rev.YD100-15 55,89GB Running: Gmer.exe; Driver: C:\DOCUME~1\Boss\USTAWI~1\Temp\kfxyypob.sys ---- System - GMER 2.2 ---- INT 0x62 ? 89E00CB8 INT 0x82 ? 89E00CB8 INT 0x84 ? 89E45CB8 INT 0x94 ? 89E45CB8 INT 0xA4 ? 89E45CB8 ---- Kernel code sections - GMER 2.2 ---- ? owssqr.sys Nie można odnaleźć określonego pliku. ! .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9F55FEE] ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 89E441F8 Device \FileSystem\Udfs \UdfsCdRom 899FD440 Device \FileSystem\Udfs \UdfsDisk 899FD440 Device \Driver\NetBT \Device\NetBT_Tcpip_{C7544966-5F34-466B-8A20-4E8ACE4DBE20} 89DBA440 Device \Driver\usbehci \Device\USBPDO-0 89BBE1F8 Device \Driver\usbuhci \Device\USBPDO-1 89C8A1F8 Device \Driver\usbuhci \Device\USBPDO-2 89C8A1F8 Device \Driver\usbuhci \Device\USBPDO-3 89C8A1F8 Device \Driver\usbuhci \Device\USBPDO-4 89C8A1F8 Device \Driver\Cdrom \Device\CdRom0 89C521F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E1BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9E1BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E1BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9E1BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 89DBA440 Device \Driver\USBSTOR \Device\00000091 899EC440 Device \Driver\NetBT \Device\NetbiosSmb 89DBA440 Device \Driver\USBSTOR \Device\00000094 899EC440 Device \Driver\usbuhci \Device\USBFDO-0 89C8A1F8 Device \Driver\usbuhci \Device\USBFDO-1 89C8A1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A0E440 Device \Driver\usbuhci \Device\USBFDO-2 89C8A1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A0E440 Device \Driver\usbuhci \Device\USBFDO-3 89C8A1F8 Device \Driver\usbehci \Device\USBFDO-4 89BBE1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7D7CE945-011B-48E2-8FD4-4269837395DF} 89DBA440 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x22 0xBA 0xD1 0x51 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0xA2 0x92 0x9E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0x77 0xCF 0xF9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x29 0x03 0xEC 0xBD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x22 0xBA 0xD1 0x51 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0xA2 0x92 0x9E ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0x77 0xCF 0xF9 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x29 0x03 0xEC 0xBD ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools Lite\ ---- Files - GMER 2.2 ---- File C:\Documents and Settings\Boss\Ustawienia lokalne\Apps\2.0\HTE3JBVG.9ZL\B2Y240BE.QY3\ic_k...exe_4ed39de943e945a1_0002.0005_none_07bf8ae52f2752d8\ICRemoteHelp.exe (size mismatch) 3489872/4608080 bytes executable File C:\Documents and Settings\Boss\Ustawienia lokalne\Apps\2.0\HTE3JBVG.9ZL\B2Y240BE.QY3\ic_k...exe_4ed39de943e945a1_0002.0005_none_07bf87df2f275839\ICRemoteHelp.exe (size mismatch) 3489872/4608080 bytes executable ---- EOF - GMER 2.2 ----