GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-28 21:02:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
Running: to6i7c9r.exe; Driver: C:\Windows\Temp\kfldapoc.sys

---- System - GMER 1.0.15 ----

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwClose [0xB9E75028]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreateKey [0xB9E74FE0]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xB9E68B00]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E695DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9E75120]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xB9E68B40]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xB9E74FA4]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xB9E695FC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xB9E75076]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xB9E74550]
SSDT spzu.sys ZwSetValueKey [0xB9EC719A]

INT 0x62 ? 8A0CEBF8
INT 0x63 ? 894EFBF8
INT 0x74 ? 894EFBF8
INT 0x82 ? 8A0CEBF8
INT 0x84 ? 894EFBF8
INT 0x94 ? 894EFBF8
INT 0xA4 ? 8A05FBF8

---- Kernel code sections - GMER 1.0.15 ----

? spzu.sys El sistema no puede hallar el archivo especificado. !
.text USBPORT.SYS!DllUnload B8B668AC 5 Bytes JMP 894EF1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Archivos de programa\Mobile Partner\Mobile Partner.exe[360] USER32.dll!GetSysColor 7E398E78 5 Bytes JMP 00452440 C:\Archivos de programa\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Archivos de programa\Mobile Partner\Mobile Partner.exe[360] USER32.dll!GetSysColorBrush 7E398EAB 5 Bytes JMP 004524A0 C:\Archivos de programa\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Archivos de programa\Mobile Partner\Mobile Partner.exe[360] USER32.dll!SetScrollInfo 7E399056 7 Bytes JMP 00452330 C:\Archivos de programa\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Archivos de programa\Mobile Partner\Mobile Partner.exe[360] USER32.dll!GetScrollInfo 7E3ADFE2 7 Bytes JMP 00452280 C:\Archivos de programa\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Archivos de programa\Mobile Partner\Mobile Partner.exe[360] USER32.dll!ShowScrollBar 7E3AF2F2 5 Bytes JMP 00452400 C:\Archivos de programa\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Archivos de programa\Mobile Partner\Mobile Partner.exe[360] USER32.dll!GetScrollPos 7E3AF704 5 Bytes JMP 004522C0 C:\Archivos de programa\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Archivos de programa\Mobile Partner\Mobile Partner.exe[360] USER32.dll!SetScrollPos 7E3AF750 5 Bytes JMP 00452370 C:\Archivos de programa\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Archivos de programa\Mobile Partner\Mobile Partner.exe[360] USER32.dll!GetScrollRange 7E3AF787 5 Bytes JMP 004522F0 C:\Archivos de programa\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Archivos de programa\Mobile Partner\Mobile Partner.exe[360] USER32.dll!SetScrollRange 7E3AF99B 5 Bytes JMP 004523B0 C:\Archivos de programa\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Archivos de programa\Mobile Partner\Mobile Partner.exe[360] USER32.dll!EnableScrollBar 7E3E8005 7 Bytes JMP 00452240 C:\Archivos de programa\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe[1208] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Archivos de programa\Mozilla Firefox\firefox.exe[2436] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00401410 C:\Archivos de programa\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spzu.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A05D1F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 894DE1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A0601F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A0601F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A0601F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A0601F8
Device \Driver\usbuhci \Device\USBPDO-1 894DE1F8
Device \Driver\usbehci \Device\USBPDO-2 894C61F8
Device \Driver\usbehci \Device\USBPDO-3 894C61F8
Device \Driver\usbuhci \Device\USBPDO-4 894DE1F8
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
Device \Driver\usbuhci \Device\USBPDO-5 894DE1F8
Device \Driver\usbuhci \Device\USBPDO-6 894DE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A0D01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A0D01F8
Device \Driver\CDRom \Device\CdRom0 895019E0
Device \FileSystem\Rdbss \Device\FsWrap 893317E0
Device \Driver\iastor \Device\Ide\iaStor0 [B9D416D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 893FFB88
Device \Driver\atapi \Device\Ide\IdePort0 893FFB88
Device \Driver\atapi \Device\Ide\IdePort1 893FFB88
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [B9D416D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A0D01F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 890C9408
Device \Driver\NetBT \Device\NetbiosSmb 890C9408
Device \Driver\NetBT \Device\NetBT_Tcpip_{475CF6C2-BA02-4F29-B4D2-EF02CB9F7294} 890C9408
Device \FileSystem\Srv \Device\LanmanServer 8929C138
Device \Driver\usbuhci \Device\USBFDO-0 894DE1F8
Device \Driver\usbuhci \Device\USBFDO-1 894DE1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88B981F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89233AE8
Device \Driver\usbehci \Device\USBFDO-2 894C61F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88B981F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89233AE8
Device \Driver\usbuhci \Device\USBFDO-3 894DE1F8
Device \FileSystem\Npfs \Device\NamedPipe 89377E58
Device \Driver\usbuhci \Device\USBFDO-4 894DE1F8
Device \Driver\Ftdisk \Device\FtControl 8A0D01F8
Device \FileSystem\Msfs \Device\Mailslot 89122190
Device \Driver\usbuhci \Device\USBFDO-5 894DE1F8
Device \Driver\usbehci \Device\USBFDO-6 894C61F8
Device \Driver\VClone \Device\Scsi\VClone1 8A0CF1F8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 8A05E1F8
Device \FileSystem\Fastfat \Fat 890D1500
Device \FileSystem\Fastfat \Fat 85A5C3C8
Device \FileSystem\Fastfat \Fat 987A4297
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89F95470
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89F95470
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89F95470
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89F95470
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89F95470
Device \FileSystem\Cdfs \Cdfs 891BE500
Device \FileSystem\Cdfs \Cdfs 893B3528

---- Modules - GMER 1.0.15 ----

Module _________ B9CE5000-B9CFD000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%

---- EOF - GMER 1.0.15 ----